コード例 #1
0
 internal void Add(TaintResult Result)
 {
     if (Result.SourceTaint)
     {
         this.SourceReasons.AddRange(Result.SourceReasons);
     }
     if (Result.SinkTaint)
     {
         this.SinkReasons.AddRange(Result.SinkReasons);
     }
     if (Result.NeutralReasons.Count > 0)
     {
         this.NeutralReasons.AddRange(Result.NeutralReasons);
     }
     if (Result.MethodNameReasons.Count > 0)
     {
         this.MethodNameReasons.AddRange(Result.MethodNameReasons);
     }
     if (Result.MethodArgumentSourceReasons.Count > 0)
     {
         this.MethodArgumentSourceReasons.AddRange(Result.MethodArgumentSourceReasons);
     }
     if (Result.MethodArgumentSinkReasons.Count > 0)
     {
         this.MethodArgumentSinkReasons.AddRange(Result.MethodArgumentSinkReasons);
     }
     if (Result.MethodArgumentNeutralReasons.Count > 0)
     {
         this.MethodArgumentNeutralReasons.AddRange(Result.MethodArgumentNeutralReasons);
     }
 }
コード例 #2
0
ファイル: ItemChecker.cs プロジェクト: war-and-code/IronWASP
        TaintResult IsMethodArgumentsMatch(List <JintItem> ItemArguments, List <JintItem> TemplateArguments)
        {
            TaintResult Result = new TaintResult();

            if (IJ.IsTimedOut())
            {
                return(Result);
            }
            if (ItemArguments.Count != TemplateArguments.Count)
            {
                return(Result);
            }

            for (int i = 0; i < ItemArguments.Count; i++)
            {
                if ((ItemArguments[i].SubItems.Count > 0) && (TemplateArguments[i].SubItems.Count > 0))
                {
                    if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
                    {
                        Result.Add(Check(ItemArguments[i].SubItems));
                    }
                }
            }

            return(Result);
        }
コード例 #3
0
ファイル: ItemChecker.cs プロジェクト: war-and-code/IronWASP
        internal TaintResult Check(List <JintItem> Item)
        {
            TaintResult Result = new TaintResult();

            if (IJ.IsTimedOut())
            {
                return(Result);
            }

            List <List <JintItem> > ItemParts = GetItemParts(Item);

            foreach (List <JintItem> Part in ItemParts)
            {
                Result.Add(IsTainted(Part));
                //When tracing keyword if keyword is inside string value even then it should be treated as a source
                if (IJ.TraceKeyword)
                {
                    foreach (JintItem PartItem in Part)
                    {
                        if ((PartItem.State == JintState.StringValue || PartItem.State == JintState.IntValue) && PartItem.Value.IndexOf(IJ.KeywordToTrace, StringComparison.OrdinalIgnoreCase) > -1)
                        {
                            Result.SourceReasons.Add("Matches with Keyword being traced");
                        }
                    }
                }
            }
            return(Result);
        }
コード例 #4
0
ファイル: TaintResult.cs プロジェクト: 0ks3ii/IronWASP
 internal void Add(TaintResult Result)
 {
     if (Result.SourceTaint) this.SourceReasons.AddRange(Result.SourceReasons);
     if (Result.SinkTaint) this.SinkReasons.AddRange(Result.SinkReasons);
     if(Result.NeutralReasons.Count > 0) this.NeutralReasons.AddRange(Result.NeutralReasons);
     if (Result.MethodNameReasons.Count > 0) this.MethodNameReasons.AddRange(Result.MethodNameReasons);
     if (Result.MethodArgumentSourceReasons.Count > 0) this.MethodArgumentSourceReasons.AddRange(Result.MethodArgumentSourceReasons);
     if (Result.MethodArgumentSinkReasons.Count > 0) this.MethodArgumentSinkReasons.AddRange(Result.MethodArgumentSinkReasons);
     if (Result.MethodArgumentNeutralReasons.Count > 0) this.MethodArgumentNeutralReasons.AddRange(Result.MethodArgumentNeutralReasons);
 }
コード例 #5
0
ファイル: TaintResult.cs プロジェクト: 0ks3ii/IronWASP
 internal void AddAsSource(TaintResult Result)
 {
     if (Result.SourceTaint) this.SourceReasons.AddRange(Result.SourceReasons);
     if (Result.SinkTaint) this.SinkReasons.AddRange(Result.SinkReasons);
     if (Result.NeutralReasons.Count > 0) this.SourceReasons.AddRange(Result.NeutralReasons);
     if(Result.MethodNameReasons.Count > 0)
     {
         this.SourceReasons.AddRange(Result.MethodNameReasons);
     }
 }
コード例 #6
0
        TaintResult IsTainted(List <JintItem> Item)
        {
            TaintResult Result = new TaintResult();

            //Check if Item matches any of the SourceObjects
            foreach (List <JintItem> SourceItem in IJ.SourceObjects)
            {
                TaintResult SourceTaintResult = IsMatch(Item, SourceItem);
                if (SourceTaintResult.NeutralReasons.Count > 0)
                {
                    Result.AddAsSource(SourceItem, "Matches SourceObject - " + GetItemAsString(SourceItem));
                }
            }


            //Check if Item matches any of the SinkObjects
            foreach (List <JintItem> SinkItem in IJ.SinkObjects)
            {
                TaintResult SinkTaintResult = IsMatch(Item, SinkItem);
                if (SinkTaintResult.NeutralReasons.Count > 0)
                {
                    Result.AddAsSink(SinkItem, "Matches SinkObject - " + GetItemAsString(SinkItem));
                }
            }

            //Check if Item is a method call, then method call related checks can be made
            List <JintItem> Arguments = GetLastMethodArguments(Item);

            if (Arguments.Count > 0)
            {
                //Item is a method.
                //Check if Item matches any SourceReturningMethods
                foreach (List <JintItem> SourceItem in IJ.SourceReturningMethods)
                {
                    TaintResult SourceTaintResult = IsMatch(Item, SourceItem);
                    if (SourceTaintResult.NeutralReasons.Count > 0)
                    {
                        Result.AddAsSource(SourceItem, "Matches Source Returning Method - " + GetItemAsString(SourceItem));
                    }
                }
                //Check if Item matches any SinkReturningMethods
                foreach (List <JintItem> SinkItem in IJ.SinkReturningMethods)
                {
                    TaintResult SinkTaintResult = IsMatch(Item, SinkItem);
                    if (SinkTaintResult.NeutralReasons.Count > 0)
                    {
                        Result.AddAsSink(SinkItem, "Matches Sink Returning Method - " + GetItemAsString(SinkItem));
                    }
                }

                //Now to check with ArgumentReturningMethods
                //First check if any of the arguments of Item are Sources or Sinks
                List <int> SourceTaintedArgumentPositions = new List <int>();
                List <int> SinkTaintedArgumentPositions   = new List <int>();
                for (int i = 0; i < Arguments.Count; i++)
                {
                    TaintResult ArgResult = IsTainted(Arguments[i].SubItems);
                    if (ArgResult.SourceTaint)
                    {
                        SourceTaintedArgumentPositions.Add(i);
                    }
                    if (ArgResult.SinkTaint)
                    {
                        SinkTaintedArgumentPositions.Add(i);
                    }
                }
                //If there are any Sources or Sinks then check if Item matches the ArgumentReturningMethods
                if (SourceTaintedArgumentPositions.Count > 0 || SinkTaintedArgumentPositions.Count > 0)
                {
                    foreach (List <JintItem> MethodItem in IJ.ArgumentReturningMethods)
                    {
                        TaintResult MethodReturnResult = DoItemsMatch(Item, MethodItem);
                        //If Item matches any ArgumentReturningMethod item check if the TaintPointer position matches the source or sink argument posistions in Item
                        if (MethodReturnResult.NeutralReasons.Count > 0)
                        {
                            List <JintItem> TemplateArguments = GetLastMethodArguments(MethodItem);
                            if (TemplateArguments.Count == Arguments.Count)
                            {
                                for (int j = 0; j < TemplateArguments.Count; j++)
                                {
                                    if (TemplateArguments[j].SubItems.Count == 1)
                                    {
                                        if (TemplateArguments[j].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
                                        {
                                            if (SourceTaintedArgumentPositions.Contains(j))
                                            {
                                                Result.AddAsSource(MethodItem, "Method - " + GetItemAsString(MethodItem) + " - returns a Source passed in at argument position " + (j + 1).ToString());
                                            }
                                            if (SinkTaintedArgumentPositions.Contains(j))
                                            {
                                                Result.AddAsSink(MethodItem, "Method - " + GetItemAsString(MethodItem) + " - returns a Sink passed in at argument position " + (j + 1).ToString());
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            int LineNo = 0;

            if (Item.Count > 0)
            {
                LineNo = Item[0].LineNo;
            }
            if (LineNo == 0)
            {
                LineNo = IJ.CurrentLineNo;
            }
            if (IronJint.SourceLinesToIgnore.Contains(LineNo))
            {
                Result.SourceReasons.Clear();
            }
            if (IronJint.SourceLinesToInclude.Contains(LineNo))
            {
                Result.SourceReasons.Add("Source set by User");
            }
            if (IronJint.SinkLinesToIgnore.Contains(LineNo))
            {
                Result.SinkReasons.Clear();
            }
            if (IronJint.SinkLinesToInclude.Contains(LineNo))
            {
                Result.SinkReasons.Add("Sink set by User");
            }

            return(Result);
        }
コード例 #7
0
        internal TaintResult DoItemsMatch(List <JintItem> Item, List <JintItem> Template, bool MethodCall)
        {
            TaintResult Result             = new TaintResult();
            int         ItemMatchIndex     = 0;
            int         TemplateMatchIndex = 0;

            bool MatchFailed = false;

            while ((ItemMatchIndex < Item.Count) && (TemplateMatchIndex < Template.Count) && !MatchFailed)
            {
                switch (Template[TemplateMatchIndex].State)
                {
                case (JintState.Identifier):
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.Identifier):
                    case (JintState.Property):
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.IdentifierIndex):
                    case (JintState.Indexer):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.MethodCallName):
                        if (MethodCall)
                        {
                            MatchFailed = true;
                        }
                        else
                        {
                            if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                            {
                                Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        break;

                    default:
                        MatchFailed = true;
                        break;
                    }
                    break;

                case (JintState.Property):
                case (JintState.StringIndex):
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.Property):
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.IdentifierIndex):
                    case (JintState.Indexer):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.MethodCallName):
                        if (MethodCall)
                        {
                            if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                            {
                                if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                                {
                                    TemplateMatchIndex++;
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                    List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                    ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                    TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                }
                                else
                                {
                                    MatchFailed = true;
                                }
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        else
                        {
                            if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                            {
                                Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        break;

                    default:
                        MatchFailed = true;
                        break;
                    }
                    break;

                case (JintState.IdentifierIndex):
                    string TemplateItemValue = GetIndexStringValue(Template[TemplateMatchIndex]);
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.Property):
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(TemplateItemValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.IdentifierIndex):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else if (IndexValue.Length > 0 && IndexValue.Equals(TemplateItemValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.Indexer):
                        string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexerValue.Length > 0 && IndexerValue.Equals(TemplateItemValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.MethodCallName):
                        if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(TemplateItemValue))
                        {
                            if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                            {
                                TemplateMatchIndex++;
                                Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    default:
                        MatchFailed = true;
                        break;
                    }
                    break;

                case (JintState.Indexer):
                    string TemplateIndexerValue = GetIndexStringValue(Template[TemplateMatchIndex]);
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(TemplateIndexerValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.IdentifierIndex):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(TemplateIndexerValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.Indexer):
                        string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IsMatch(Item[ItemMatchIndex].SubItems, Template[TemplateMatchIndex].SubItems).NeutralReasons.Count > 0)
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else if (IndexerValue.Length > 0 && IndexerValue.Equals(TemplateIndexerValue))
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.MethodCallName):
                        if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(TemplateIndexerValue))
                        {
                            if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                            {
                                TemplateMatchIndex++;
                                Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    default:
                        MatchFailed = true;
                        break;
                    }
                    break;

                case (JintState.MethodCallName):
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.MethodCallName):
                        if (MethodCall)
                        {
                            if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                            {
                                Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                            }
                            else
                            {
                                MatchFailed = true;
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }

                        break;

                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                        {
                            if (Item.Count > ItemMatchIndex + 1)
                            {
                                if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                {
                                    ItemMatchIndex++;
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                    List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                    ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                    TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                }
                                else
                                {
                                    MatchFailed = true;
                                }
                            }
                            else
                            {
                                if (MethodCall)
                                {
                                    MatchFailed = true;
                                }
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.IdentifierIndex):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                        {
                            if (Item.Count > ItemMatchIndex + 1)
                            {
                                if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                {
                                    ItemMatchIndex++;
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                    List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                    ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                    TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                }
                                else
                                {
                                    MatchFailed = true;
                                }
                            }
                            else
                            {
                                if (MethodCall)
                                {
                                    MatchFailed = true;
                                }
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.Indexer):
                        string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexerValue.Length > 0 && IndexerValue.Equals(Template[TemplateMatchIndex].Value))
                        {
                            if (Item.Count > ItemMatchIndex + 1)
                            {
                                if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                {
                                    ItemMatchIndex++;
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    List <JintItem> ItemArguments     = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                    List <JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                    ItemMatchIndex     = ItemMatchIndex + ItemArguments.Count;
                                    TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                }
                                else
                                {
                                    MatchFailed = true;
                                }
                            }
                            else
                            {
                                if (MethodCall)
                                {
                                    MatchFailed = true;
                                }
                            }
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    case (JintState.Property):
                        if (!MethodCall && Item.Count == ItemMatchIndex + 1)
                        {
                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                        }
                        else
                        {
                            MatchFailed = true;
                        }
                        break;

                    default:
                        MatchFailed = true;
                        break;
                    }
                    break;

                default:
                    MatchFailed = true;
                    break;
                }
                ItemMatchIndex++;
                TemplateMatchIndex++;
            }
            if (TemplateMatchIndex != Template.Count)
            {
                MatchFailed = true;
            }
            if (MatchFailed)
            {
                Result.NeutralReasons.Clear();
                Result.SourceReasons.Clear();
                Result.SinkReasons.Clear();
                Result.MethodNameReasons.Clear();
                Result.MethodArgumentSinkReasons.Clear();
                Result.MethodArgumentSourceReasons.Clear();
                Result.MethodArgumentNeutralReasons.Clear();
                Result.SourceToSinkReasons.Clear();
            }
            return(Result);
        }
コード例 #8
0
        internal TaintResult IsMatch(List <JintItem> Item, List <JintItem> Template)
        {
            TaintResult Result = new TaintResult();

            if (Item.Count == 0)
            {
                return(Result);
            }
            if (Template.Count == 0)
            {
                return(Result);
            }

            if ((Item[0].State != JintState.Identifier) && (Item[0].State != JintState.MethodCallName))
            {
                //MessageBox.Show("Item starts with - " + Item[0].State.ToString());
                return(Result);
            }
            if ((Template[0].State != JintState.Identifier) && (Template[0].State != JintState.MethodCallName))
            {
                //MessageBox.Show("Template starts with - " + Template[0].State.ToString());
                return(Result);
            }

            int ItemMatchIndex = 0;

            while (ItemMatchIndex < Item.Count)
            {
                switch (Template[0].State)
                {
                case (JintState.Identifier):
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.Identifier):
                    case (JintState.Property):
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
                        {
                            Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                        }
                        break;

                    case (JintState.IdentifierIndex):
                    case (JintState.Indexer):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
                        {
                            Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                        }
                        break;
                    }
                    break;

                case (JintState.MethodCallName):
                    switch (Item[ItemMatchIndex].State)
                    {
                    case (JintState.MethodCallName):
                    case (JintState.StringIndex):
                        if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
                        {
                            Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                        }
                        break;

                    case (JintState.IdentifierIndex):
                    case (JintState.Indexer):
                        string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                        if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
                        {
                            Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                        }
                        break;
                    }
                    break;
                }
                ItemMatchIndex++;
            }
            return(Result);
        }
コード例 #9
0
ファイル: ItemChecker.cs プロジェクト: welias/IronWASP
        TaintResult IsTainted(List<JintItem> Item)
        {
            TaintResult Result = new TaintResult();

            //Check if Item matches any of the SourceObjects
            foreach (List<JintItem> SourceItem in IJ.SourceObjects)
            {
                TaintResult SourceTaintResult = IsMatch(Item, SourceItem);
                if(SourceTaintResult.NeutralReasons.Count > 0) Result.AddAsSource(SourceItem, "Matches SourceObject - " + GetItemAsString(SourceItem));
            }

            //Check if Item matches any of the SinkObjects
            foreach (List<JintItem> SinkItem in IJ.SinkObjects)
            {
                TaintResult SinkTaintResult = IsMatch(Item, SinkItem);
                if (SinkTaintResult.NeutralReasons.Count > 0) Result.AddAsSink(SinkItem, "Matches SinkObject - " + GetItemAsString(SinkItem));
            }

            //Check if Item is a method call, then method call related checks can be made
            List<JintItem> Arguments = GetLastMethodArguments(Item);
            if (Arguments.Count > 0)
            {
                //Item is a method.
                //Check if Item matches any SourceReturningMethods
                foreach (List<JintItem> SourceItem in IJ.SourceReturningMethods)
                {
                    TaintResult SourceTaintResult = IsMatch(Item, SourceItem);
                    if (SourceTaintResult.NeutralReasons.Count > 0) Result.AddAsSource(SourceItem, "Matches Source Returning Method - " + GetItemAsString(SourceItem));
                }
                //Check if Item matches any SinkReturningMethods
                foreach (List<JintItem> SinkItem in IJ.SinkReturningMethods)
                {
                    TaintResult SinkTaintResult = IsMatch(Item, SinkItem);
                    if (SinkTaintResult.NeutralReasons.Count > 0) Result.AddAsSink(SinkItem, "Matches Sink Returning Method - " + GetItemAsString(SinkItem));
                }

                //Now to check with ArgumentReturningMethods
                //First check if any of the arguments of Item are Sources or Sinks
                List<int> SourceTaintedArgumentPositions = new List<int>();
                List<int> SinkTaintedArgumentPositions = new List<int>();
                for(int i=0; i<Arguments.Count;i++)
                {
                    TaintResult ArgResult = IsTainted(Arguments[i].SubItems);
                    if (ArgResult.SourceTaint) SourceTaintedArgumentPositions.Add(i);
                    if (ArgResult.SinkTaint) SinkTaintedArgumentPositions.Add(i);
                }
                //If there are any Sources or Sinks then check if Item matches the ArgumentReturningMethods
                if (SourceTaintedArgumentPositions.Count > 0 || SinkTaintedArgumentPositions.Count > 0)
                {
                    foreach (List<JintItem> MethodItem in IJ.ArgumentReturningMethods)
                    {
                        TaintResult MethodReturnResult = DoItemsMatch(Item, MethodItem);
                        //If Item matches any ArgumentReturningMethod item check if the TaintPointer position matches the source or sink argument posistions in Item
                        if (MethodReturnResult.NeutralReasons.Count > 0)
                        {
                            List<JintItem> TemplateArguments = GetLastMethodArguments(MethodItem);
                            if (TemplateArguments.Count == Arguments.Count)
                            {
                                for (int j = 0; j < TemplateArguments.Count; j++)
                                {
                                    if (TemplateArguments[j].SubItems.Count == 1)
                                    {
                                        if (TemplateArguments[j].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
                                        {
                                            if (SourceTaintedArgumentPositions.Contains(j))
                                                Result.AddAsSource(MethodItem, "Method - " + GetItemAsString(MethodItem) + " - returns a Source passed in at argument position " + (j + 1).ToString());
                                            if (SinkTaintedArgumentPositions.Contains(j))
                                                Result.AddAsSink(MethodItem, "Method - " + GetItemAsString(MethodItem) + " - returns a Sink passed in at argument position " + (j + 1).ToString());
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }

            int LineNo = 0;
            if (Item.Count > 0) LineNo = Item[0].LineNo;
            if (LineNo == 0) LineNo = IJ.CurrentLineNo;
            if (IronJint.SourceLinesToIgnore.Contains(LineNo)) Result.SourceReasons.Clear();
            if (IronJint.SourceLinesToInclude.Contains(LineNo)) Result.SourceReasons.Add("Source set by User");
            if (IronJint.SinkLinesToIgnore.Contains(LineNo)) Result.SinkReasons.Clear();
            if (IronJint.SinkLinesToInclude.Contains(LineNo)) Result.SinkReasons.Add("Sink set by User");

            return Result;
        }
コード例 #10
0
ファイル: ItemChecker.cs プロジェクト: welias/IronWASP
        TaintResult IsMethodArgumentsMatch(List<JintItem> ItemArguments, List<JintItem> TemplateArguments)
        {
            TaintResult Result = new TaintResult();
            if (ItemArguments.Count != TemplateArguments.Count) return Result;

            for (int i = 0; i < ItemArguments.Count; i++)
            {
                if((ItemArguments[i].SubItems.Count > 0) && (TemplateArguments[i].SubItems.Count > 0))
                {
                    if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
                    {
                        Result.Add(Check(ItemArguments[i].SubItems));
                    }
                }
            }

            return Result;
        }
コード例 #11
0
ファイル: ItemChecker.cs プロジェクト: welias/IronWASP
        internal TaintResult IsMatch(List<JintItem> Item, List<JintItem> Template)
        {
            TaintResult Result = new TaintResult();

            if (Item.Count == 0) return Result;
            if (Template.Count == 0) return Result;

            if ((Item[0].State != JintState.Identifier) && (Item[0].State != JintState.MethodCallName))
            {
                //MessageBox.Show("Item starts with - " + Item[0].State.ToString());
                return Result;
            }
            if ((Template[0].State != JintState.Identifier) && (Template[0].State != JintState.MethodCallName))
            {
                //MessageBox.Show("Template starts with - " + Template[0].State.ToString());
                return Result;
            }

            int ItemMatchIndex = 0;

            while (ItemMatchIndex < Item.Count)
            {
                switch (Template[0].State)
                {
                    case (JintState.Identifier):
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.Identifier):
                            case (JintState.Property):
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
                                    Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                                break;
                            case (JintState.IdentifierIndex):
                            case (JintState.Indexer):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
                                    Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                                break;
                        }
                        break;
                    case (JintState.MethodCallName):
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.MethodCallName):
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
                                    Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                                break;
                            case (JintState.IdentifierIndex):
                            case (JintState.Indexer):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
                                    Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
                                break;
                        }
                        break;
                }
                ItemMatchIndex++;
            }
            return Result;
        }
コード例 #12
0
ファイル: ItemChecker.cs プロジェクト: welias/IronWASP
        internal TaintResult DoItemsMatch(List<JintItem> Item, List<JintItem> Template, bool MethodCall)
        {
            TaintResult Result = new TaintResult();
            int ItemMatchIndex = 0;
            int TemplateMatchIndex = 0;

            bool MatchFailed = false;
            while ((ItemMatchIndex < Item.Count) && (TemplateMatchIndex < Template.Count) && !MatchFailed)
            {
                switch (Template[TemplateMatchIndex].State)
                {
                    case (JintState.Identifier):
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.Identifier):
                            case (JintState.Property):
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.IdentifierIndex):
                            case (JintState.Indexer):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.MethodCallName):
                                if (MethodCall)
                                    MatchFailed = true;
                                else
                                {
                                    if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                        Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    else
                                        MatchFailed = true;
                                }
                                break;
                            default:
                                MatchFailed = true;
                                break;
                        }
                        break;
                    case (JintState.Property):
                    case (JintState.StringIndex):
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.Property):
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.IdentifierIndex):
                            case (JintState.Indexer):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.MethodCallName):
                                if (MethodCall)
                                {
                                    if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                    {
                                        if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                                        {
                                            TemplateMatchIndex++;
                                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                            List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                            List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                            ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                            TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                        }
                                        else
                                            MatchFailed = true;
                                    }
                                    else
                                        MatchFailed = true;
                                }
                                else
                                {
                                    if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                        Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                    else
                                        MatchFailed = true;
                                }
                                break;
                            default:
                                MatchFailed = true;
                                break;
                        }
                        break;
                    case(JintState.IdentifierIndex):
                        string TemplateItemValue = GetIndexStringValue(Template[TemplateMatchIndex]);
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.Property):
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(TemplateItemValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.IdentifierIndex):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else if (IndexValue.Length > 0 && IndexValue.Equals(TemplateItemValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.Indexer):
                                string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexerValue.Length > 0 && IndexerValue.Equals(TemplateItemValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.MethodCallName):
                                if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(TemplateItemValue))
                                {
                                    if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                                    {
                                        TemplateMatchIndex++;
                                        Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                        List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                        List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                        ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                        TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                    }
                                    else
                                        MatchFailed = true;
                                }
                                else
                                    MatchFailed = true;
                                break;
                            default:
                                MatchFailed = true;
                                break;
                        }
                        break;
                    case (JintState.Indexer):
                        string TemplateIndexerValue = GetIndexStringValue(Template[TemplateMatchIndex]);
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(TemplateIndexerValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.IdentifierIndex):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(TemplateIndexerValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.Indexer):
                                string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IsMatch(Item[ItemMatchIndex].SubItems, Template[TemplateMatchIndex].SubItems).NeutralReasons.Count > 0)
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else if (IndexerValue.Length > 0 && IndexerValue.Equals(TemplateIndexerValue))
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.MethodCallName):
                                if (Template.Count > TemplateMatchIndex + 1 && Item[ItemMatchIndex].Value.Equals(TemplateIndexerValue))
                                {
                                    if (Template[TemplateMatchIndex + 1].State == JintState.MethodCallName && Template[TemplateMatchIndex + 1].Value.Length == 0)
                                    {
                                        TemplateMatchIndex++;
                                        Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                        List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                        List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                        ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                        TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                    }
                                    else
                                        MatchFailed = true;
                                }
                                else
                                    MatchFailed = true;
                                break;
                            default:
                                MatchFailed = true;
                                break;
                        }
                        break;
                    case (JintState.MethodCallName):
                        switch (Item[ItemMatchIndex].State)
                        {
                            case (JintState.MethodCallName):
                                if (MethodCall)
                                {
                                    if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                    {
                                        Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                        List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                        List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                        ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                        TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                    }
                                    else
                                        MatchFailed = true;
                                }
                                else
                                    MatchFailed = true;

                                break;
                            case (JintState.StringIndex):
                                if (Item[ItemMatchIndex].Value.Equals(Template[TemplateMatchIndex].Value))
                                {
                                    if (Item.Count > ItemMatchIndex + 1)
                                    {
                                        if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                        {
                                            ItemMatchIndex++;
                                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                            List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                            List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                            ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                            TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                        }
                                        else
                                            MatchFailed = true;
                                    }
                                    else
                                    {
                                        if(MethodCall) MatchFailed = true;
                                    }
                                }
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.IdentifierIndex):
                                string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexValue.Length > 0 && IndexValue.Equals(Template[TemplateMatchIndex].Value))
                                {
                                    if (Item.Count > ItemMatchIndex + 1)
                                    {
                                        if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                        {
                                            ItemMatchIndex++;
                                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                            List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                            List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                            ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                            TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                        }
                                        else
                                            MatchFailed = true;
                                    }
                                    else
                                    {
                                        if(MethodCall) MatchFailed = true;
                                    }
                                }
                                else
                                    MatchFailed = true;
                                break;
                            case (JintState.Indexer):
                                string IndexerValue = GetIndexStringValue(Item[ItemMatchIndex]);
                                if (IndexerValue.Length > 0 && IndexerValue.Equals(Template[TemplateMatchIndex].Value))
                                {
                                    if (Item.Count > ItemMatchIndex + 1)
                                    {
                                        if (Item[ItemMatchIndex + 1].State == JintState.MethodCallName && Item[ItemMatchIndex + 1].Value.Length == 0 && MethodCall)
                                        {
                                            ItemMatchIndex++;
                                            Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                            List<JintItem> ItemArguments = GetMethodArguments(Item.GetRange(ItemMatchIndex + 1, Item.Count - (ItemMatchIndex + 1)));
                                            List<JintItem> TemplateArguments = GetMethodArguments(Template.GetRange(TemplateMatchIndex + 1, Template.Count - (TemplateMatchIndex + 1)));
                                            ItemMatchIndex = ItemMatchIndex + ItemArguments.Count;
                                            TemplateMatchIndex = TemplateMatchIndex + TemplateArguments.Count;
                                        }
                                        else
                                            MatchFailed = true;
                                    }
                                    else
                                    {
                                        if(MethodCall) MatchFailed = true;
                                    }
                                }
                                else
                                    MatchFailed = true;
                                break;
                            case(JintState.Property):
                                if (!MethodCall && Item.Count == ItemMatchIndex + 1)
                                    Result.NeutralReasons.Add(Item[ItemMatchIndex].Value);
                                else
                                    MatchFailed = true;
                                break;
                            default:
                                MatchFailed = true;
                                break;
                        }
                        break;
                    default:
                        MatchFailed = true;
                        break;
                }
                ItemMatchIndex++;
                TemplateMatchIndex++;
            }
            if (TemplateMatchIndex != Template.Count) MatchFailed = true;
            if (MatchFailed)
            {
                Result.NeutralReasons.Clear();
                Result.SourceReasons.Clear();
                Result.SinkReasons.Clear();
                Result.MethodNameReasons.Clear();
                Result.MethodArgumentSinkReasons.Clear();
                Result.MethodArgumentSourceReasons.Clear();
                Result.MethodArgumentNeutralReasons.Clear();
                Result.SourceToSinkReasons.Clear();
            }
            return Result;
        }
コード例 #13
0
ファイル: ItemChecker.cs プロジェクト: welias/IronWASP
        internal TaintResult Check(List<JintItem> Item)
        {
            TaintResult Result = new TaintResult();

            List<List<JintItem>> ItemParts = GetItemParts(Item);

            foreach (List<JintItem> Part in ItemParts)
            {
                Result.Add(IsTainted(Part));
                //When tracing keyword if keyword is inside string value even then it should be treated as a source
                if (IJ.TraceKeyword)
                {
                    foreach (JintItem PartItem in Part)
                    {
                        if ((PartItem.State == JintState.StringValue || PartItem.State == JintState.IntValue) && PartItem.Value.IndexOf(IJ.KeywordToTrace, StringComparison.OrdinalIgnoreCase) > -1)
                            Result.SourceReasons.Add("Matches with Keyword being traced");
                    }
                }
            }
            return Result;
        }