/// <summary>
/// Sink analysis for an <c>echo</c> statement.
/// </summary>
/// <remarks>
/// Currently a no-op: the body is disabled, so no "XSS" finding is ever reported for an
/// echo sink and <paramref name="taintInfo"/> is not consulted. The disabled implementation
/// collected the variables whose <c>XssTaint.TaintTags</c> contained <c>XSSTaint.XSS_ALL</c>
/// from <c>taintInfo.In</c>, and reported "XSS" via <c>vulnerabilityReporter.ReportVulnerability</c>
/// when such a variable name occurred in <c>block.AstEntryNode.InnerText</c> (a substring match on
/// the raw text, not a check of the echoed expression itself).
/// </remarks>
/// <param name="block">The CFG block whose entry node is the echo statement.</param>
/// <param name="taintInfo">Taint state flowing into <paramref name="block"/>; currently unused.</param>
private void AnalyzeEcho(CFGBlock block, CFGTaintInfo taintInfo)
{
    // Intentionally empty until the echo sink check is re-enabled; see remarks above.
}
/// <summary>
/// Dispatches sink analysis for <paramref name="target"/> based on the local name of its AST entry node.
/// </summary>
/// <remarks>
/// Only <see cref="AstConstants.Nodes.Stmt_Echo"/> is routed to <see cref="AnalyzeEcho"/>.
/// <see cref="AstConstants.Nodes.Expr_Print"/> and every other node kind are ignored, so
/// no finding is produced for them here.
/// </remarks>
/// <param name="target">The CFG block whose entry node may be a sink.</param>
/// <param name="taintInfo">Taint state flowing into <paramref name="target"/>.</param>
public void AnalyzeSink(CFGBlock target, CFGTaintInfo taintInfo)
{
    var nodeKind = target.AstEntryNode.LocalName;

    // Expr_Print is deliberately not analyzed yet; it falls through to "do nothing"
    // exactly like any unrecognized node kind.
    if (nodeKind == AstConstants.Nodes.Stmt_Echo)
    {
        AnalyzeEcho(target, taintInfo);
    }
}
/// <summary>
/// Registers the starting taint state for <paramref name="cfgBlock"/> in <c>_taints</c>.
/// </summary>
/// <remarks>
/// The root block is seeded with <c>initialTaint</c> (both as the in-state and as the
/// variable storage on the <see cref="EdgeType.Normal"/> edge); every other block starts
/// from <see cref="CFGTaintInfo.Default"/>.
/// </remarks>
/// <param name="cfgBlock">The block to register.</param>
/// <exception cref="ArgumentException">
/// Thrown by the underlying dictionary if <paramref name="cfgBlock"/> was already registered,
/// assuming <c>_taints</c> is a standard dictionary (not visible here).
/// </exception>
public void Initialize(CFGBlock cfgBlock)
{
    if (!cfgBlock.IsRoot)
    {
        _taints.Add(cfgBlock, CFGTaintInfo.Default);
        return;
    }

    // Root: the initial taint is also attached to the normal outgoing edge.
    var normalEdgeStorage = ImmutableDictionary<EdgeType, ImmutableVariableStorage>.Empty
        .Add(EdgeType.Normal, initialTaint);
    _taints.Add(cfgBlock, new CFGTaintInfo(initialTaint, normalEdgeStorage));
}
/// <summary>
/// Reports whether the taint result for a block changed between two iterations.
/// </summary>
/// <remarks>
/// Despite the name, this only detects <em>any</em> change via <see cref="object.Equals(object)"/>;
/// it does not verify that the change is monotonic.
/// </remarks>
/// <param name="oldResult">Previous result, or <c>null</c> when none has been recorded yet.</param>
/// <param name="newResult">Result computed in the current iteration.</param>
/// <returns>
/// <c>true</c> when <paramref name="oldResult"/> is <c>null</c> or differs from
/// <paramref name="newResult"/>; otherwise <c>false</c>.
/// </returns>
private bool MonotonicChange(CFGTaintInfo oldResult, CFGTaintInfo newResult)
    => oldResult is null || !oldResult.Equals(newResult);