public SQLSink(JToken JSON) : base(JSON)
{
SQLITaint tmp;
bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);
DefaultStatus = success ? tmp : SQLITaint.SQL_ALL;
this.Classnames = new List <string>();
var classnames = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Classnames);
if (classnames != null)
{
foreach (string format in classnames)
{
this.Classnames.Add(format);
}
}
var paramArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);
foreach (JObject param in paramArray)
{
//if (param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues) == null) continue;
var parameterNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
var type = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
var optional = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
var vulnerable = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterCanCreateHole);
var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
var variadic = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
switch (type)
{
case "flag":
var flagParam = FlagParameterFactory.CreateFlagParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVaridic: variadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), flagParam);
break;
case "bool":
case "boolean":
var boolParam = BooleanParameterFactory.CreateBooleanParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: variadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), boolParam);
break;
case "int":
case "integer":
var intParam = IntegerParameterFactory.CreateIntParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: variadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), intParam);
break;
case "str":
case "string":
var strParam = StringParameterFactory.CreateStringParameter <SQLITaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: variadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), strParam);
break;
case "array":
case "object":
default:
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), new Parameter(optional ?? false, vulnerable ?? false));
break;
}
}
}
public SQLSanitizer(JToken JSON) : base(JSON)
{
Parameters = new Dictionary <Tuple <uint, string>, Parameter>();
SQLITaint tmp;
bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);
DefaultStatus = success ? tmp : SQLITaint.SQL_ALL;
var paramsArray = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);
foreach (JObject param in paramsArray)
{
var paramValues = (JArray)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
var type = (string)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
var paramNumber = (uint)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
var isOptional = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
var variadic = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
var isReturn = (bool?)param.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsReturnValue);
if (paramValues == null)
{
var objectParam = new Parameter(isOptional ?? false, false, variadic ?? false, false, "", isReturn ?? false);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), objectParam);
continue;
}
switch (type)
{
case "flag":
var flag = FlagParameterFactory.CreateFlagParameter <SQLITaint>(paramValues, DefaultStatus,
isOptional: isOptional, isVaridic: variadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), flag);
break;
case "bool":
case "boolean":
var boolparam = BooleanParameterFactory.CreateBooleanParameter <SQLITaint>(paramValues, DefaultStatus,
isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), boolparam);
break;
case "int":
case "integer":
var intParam = IntegerParameterFactory.CreateIntParameter <SQLITaint>(paramValues, DefaultStatus,
isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), intParam);
break;
case "str":
case "string":
var strParam = StringParameterFactory.CreateStringParameter <SQLITaint>(paramValues, DefaultStatus,
isOptional: isOptional, isVariadic: variadic, isReturn: isReturn);
Parameters.Add(new Tuple <uint, string>(paramNumber, type), strParam);
break;
case "array":
break;
case "object":
break;
default:
string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", paramNumber, type).ToString();
throw new NotSupportedException(s);
}
}
}
public XSSSink(JToken JSON) : base(JSON)
{
Parameters = new Dictionary <Tuple <uint, string>, Parameter>();
XSSTaint tmp;
bool success = Enum.TryParse((string)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.DefaultStatusCode), out tmp);
DefaultStatus = success ? tmp : XSSTaint.XSS_ALL;
Outputs = (bool)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.OutputsPerDefault);
var parameters = (JArray)JSON.SelectToken(Keys.PHPDefinitionJSONKeys.GeneralKeys.Parameters);
foreach (JObject parameterObject in parameters)
{
var parameterNumber = (uint)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterNumber);
var optional = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsOptional);
var type = (string)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterType);
var paramValues = (JArray)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterValues);
var vulnerable = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterCanCreateHole);
var isVariadic = (bool?)parameterObject.SelectToken(Keys.PHPDefinitionJSONKeys.ParameterJSONKeys.ParameterIsVariadic);
//TODO: Add support for return parameters
switch (type)
{
case "flag":
var flagParam = FlagParameterFactory.CreateFlagParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVaridic: isVariadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), flagParam);
break;
case "bool":
case "boolean":
var boolParam = BooleanParameterFactory.CreateBooleanParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: isVariadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), boolParam);
break;
case "int":
case "integer":
var intParam = IntegerParameterFactory.CreateIntParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: isVariadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), intParam);
break;
case "str":
case "string":
var strParam = StringParameterFactory.CreateStringParameter <XSSTaint>(paramValues, DefaultStatus, isOptional: optional,
isVulnerable: vulnerable, isVariadic: isVariadic);
Parameters.Add(new Tuple <uint, string>(parameterNumber, type), strParam);
break;
case "array":
case "object":
case "mix":
var tuple = new Tuple <uint, string>(parameterNumber, type);
Parameters.Add(tuple, new Parameter(optional ?? false, vulnerable ?? true, isVariadic ?? false, false, "", false));
break;
default:
string s = String.Format("Unknown parameter type. Parameter number: {0} had the type {1}", parameterNumber, type).ToString();
throw new NotSupportedException(s);
}
}
}