コード例 #1
0
        /// <summary>
        /// If the function is a sanitizer, the sanitized taint flows are removed
        /// </summary>
        /// <param name="p">program point with a function</param>
        /// <param name="taintInfo">TaintInfo that is being sanitized</param>
        private void sanitize(NativeAnalyzerPoint p, ref TaintInfo taintInfo)
        {
            NativeAnalyzerMethod method    = p.Analyzer.Method;
            QualifiedName        functName = getMethodName(p);

            functAnalyzer = NativeFunctionAnalyzer.CreateInstance();

            List <FlagType> flags;

            if (functAnalyzer.SanitizingFunctions.TryGetValue(functName, out flags))
            {
                taintInfo.setSanitized(flags);
            }
        }
コード例 #2
0
        /// <summary>
        /// Visits a binary expression point and propagates the taint from both the operands.
        /// </summary>
        /// <param name="p">point to visit</param>
        public override void VisitBinary(BinaryExPoint p)
        {
            _currentPoint = p;
            List <ValueInfo> values    = new List <ValueInfo>();
            bool             nullValue = false;

            nullValue = addOperandValues(values, p.LeftOperand, nullValue);
            nullValue = addOperandValues(values, p.RightOperand, nullValue);

            TaintInfo outputTaint = mergeTaint(values, nullValue);

            outputTaint.setSanitized(new List <FlagType>()
            {
                FlagType.FilePathDirty, FlagType.HTMLDirty, FlagType.SQLDirty
            });

            p.SetValueContent(new MemoryEntry(Output.CreateInfo(outputTaint)));
        }