bool Equals(ExpressionInfo expressionInfo) { return expressionInfo.Depth.Equals(this.Depth) && expressionInfo.ExpressionType.Equals(this.ExpressionType) && expressionInfo.Value == this.Value && expressionInfo.Parent == this.Parent; }
internal ExpressionInfo Parse() { var state = new ExpressionInfo(); foreach (var ex in this.Assignment_expressions) { state.AssignmentExpressions.Add(ex.Parse()); } return state; }
private void SetPropertyExpression(ExpressionInfo expressionInfo, string expressionTokenText) { PropertyExpression = ExpressionParserHelper.GetPropertyExpression( expressionInfo.Parameter, expressionInfo.ParameterSyntax, expressionTokenText); PropertyInfo = (PropertyInfo)this.PropertyExpression.Member; if (PropertyInfo.PropertyType == typeof(bool)) { Expression = Expression.IsTrue(this.PropertyExpression); } }
public void ExpressionInfo_Merge() { var sqliTaint = new SQLITaintSet(SQLITaint.SQL_ALL); var xsstaint = new XSSTaintSet(XSSTaint.XSS_ALL); var ts1 = new TaintSets(sqliTaint, xsstaint); var exprInfo1 = new ExpressionInfo { ExpressionTaint = ts1 }; var exprInfo2 = new ExpressionInfo(); var exprInfo = exprInfo2.Merge(exprInfo1); Assert.AreEqual(sqliTaint, exprInfo.ExpressionTaint.SqliTaint.Single(), "SQL Taint was not the expected"); Assert.AreEqual(xsstaint, exprInfo.ExpressionTaint.XssTaint.Single(), "XSS Taint was not the expected"); }
protected virtual string GetExpressionName(ExpressionInfo ei) { if (ei.Property.Name == "Parent") { return("Children"); } if (ei.IsUnique) { return(Reflector.CleanTypeName(ei.ToType)); } return(NaturalLanguageTools.Pluralize(Reflector.CleanTypeName(ei.ToType).SpacePascal()).ToPascal()); }
private void Modification_DataItem_Editor_DropDownClosed(object sender, EventArgs e) { if (ModificationList.ActiveSheet.ActiveRow.Tag == null) { ModificationList.ActiveSheet.ActiveRow.Tag = new ExpressionInfo(); } ExpressionInfo expressionInfo = ModificationList.ActiveSheet.ActiveRow.Tag as ExpressionInfo; expressionInfo.DataItem = Modification_DataItem_Editor.SelectedItem as FieldInfo; ModificationList.ActiveSheet.Cells[ModificationList.ActiveSheet.ActiveRowIndex, 0].Value = Modification_DataItem_Editor.SelectedItem as FieldInfo; Modification_DataItem_Editor.SendToBack(); }
private void WriteToTable_DataItem_Editor_DropDownClosed(object sender, EventArgs e) { if (ConditionList.ActiveSheet.ActiveRow.Tag == null) { ConditionList.ActiveSheet.ActiveRow.Tag = new ExpressionInfo(); } ExpressionInfo expressionInfo = ConditionList.ActiveSheet.ActiveRow.Tag as ExpressionInfo; expressionInfo.DataItem = WriteToTable_DataItem_Editor.SelectedItem as FieldInfo; ConditionList.ActiveSheet.Cells[ConditionList.ActiveSheet.ActiveRowIndex, 0].Value = WriteToTable_DataItem_Editor.SelectedItem; WriteToTable_DataItem_Editor.SendToBack(); }
public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, Extraction.Entities.Location location, string?value) { var info = new ExpressionInfo( cx, null, location, ExprKind.DEFAULT, parent, childIndex, true, value); return(new Expression(info)); }
public static Expression CreateGeneratedNullLiteral(Context cx, IExpressionParentEntity parent, int childIndex, Extraction.Entities.Location location) { var info = new ExpressionInfo( cx, null, location, ExprKind.NULL_LITERAL, parent, childIndex, true, ValueAsString(null)); return(new Expression(info)); }
public void Evaluate(ExpressionInfo expression, ITaskEngine taskEngine, Action <object> callback) { if (expression.IsEvaluating) { throw new InvalidOperationException("expression.IsEvaluating == true"); } expression.IsEvaluating = true; OnEvaluating(expression, taskEngine, result => { expression.IsEvaluating = false; callback(result); }); }
public object CreateExpressionInfo_and_FastCompile() { //Expression<Func<Action<string>>> expr = () => a => s.SetValue(a); var aParam = Expression.Parameter(typeof(string), "a"); var expr = ExpressionInfo.Lambda( ExpressionInfo.Lambda( ExpressionInfo.Call(ExpressionInfo.Constant(_s), _setValueMethod, aParam), aParam ) ); return(expr.TryCompile <Func <Action <string> > >()); }
public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int index, Extraction.Entities.Location location) { var info = new ExpressionInfo( cx, null, location, ExprKind.ARRAY_INIT, parent, index, true, null); return(new Expression(info)); }
/// <summary> /// Evaluates the specified expression if possible and returns its value as a type. /// </summary> /// <typeparam name="T">The specified type.</typeparam> /// <param name="expression">The expression to evaluate.</param> /// <param name="defaultValue">The default value to use when the conversion fails or nothing to convert</param> protected T EvaluateExpression <T>(ExpressionInfo expression, T defaultValue) where T : struct { // convert an expression to the string string stringValue = EvaluatorService.EvaluateStringExpression(expression); // set the default value T result = defaultValue; // convert the string to enum value if (Enum.IsDefined(typeof(T), stringValue)) { result = (T)Enum.Parse(typeof(T), stringValue); } return(result); }
public void Initialize(InitializationContext context) { context.ExprHostBuilder.SortStart(); if (this.m_sortExpressions != null) { for (int i = 0; i < this.m_sortExpressions.Count; i++) { ExpressionInfo expressionInfo = this.m_sortExpressions[i]; expressionInfo.Initialize("SortExpression", context); context.ExprHostBuilder.SortExpression(expressionInfo); } } context.ExprHostBuilder.SortEnd(); }
public override void Deserialize(IntermediateFormatReader reader) { base.Deserialize(reader); reader.RegisterDeclaration(m_Declaration); while (reader.NextMember()) { switch (reader.CurrentMember.MemberName) { case MemberName.DistanceFromScale: m_distanceFromScale = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Placement: m_placement = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.EnableGradient: m_enableGradient = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.GradientDensity: m_gradientDensity = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.TickMarkImage: m_tickMarkImage = (TopImage)reader.ReadRIFObject(); break; case MemberName.Length: m_length = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Width: m_width = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Shape: m_shape = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Hidden: m_hidden = (ExpressionInfo)reader.ReadRIFObject(); break; default: Global.Tracer.Assert(condition: false); break; } } }
public override void Deserialize(IntermediateFormatReader reader) { base.Deserialize(reader); reader.RegisterDeclaration(m_Declaration); while (reader.NextMember()) { switch (reader.CurrentMember.MemberName) { case MemberName.Visible: m_visible = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Label: m_label = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Position: m_position = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Rotation: m_rotation = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.UseValueAsLabel: m_useValueAsLabel = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.Action: m_action = (Action)reader.ReadRIFObject(); break; case MemberName.ChartDataPoint: m_chartDataPoint = reader.ReadReference <ChartDataPoint>(this); break; case MemberName.ChartSeries: m_chartSeries = reader.ReadReference <ChartSeries>(this); break; case MemberName.ToolTip: m_toolTip = (ExpressionInfo)reader.ReadRIFObject(); break; default: Global.Tracer.Assert(condition: false); break; } } }
public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, Microsoft.CodeAnalysis.ITypeSymbol type, Extraction.Entities.Location location) { var typeAccessInfo = new ExpressionInfo( cx, AnnotatedTypeSymbol.CreateNotAnnotated(type), location, ExprKind.TYPE_ACCESS, parent, childIndex, true, null); return(new Expression(typeAccessInfo)); }
private void btnHidden_CheckedChanged(object sender, EventArgs e) { if (!_isInitialized) { return; } if (btnHidden.Checked) { btnVisible.Checked = btnExpression.Checked = false; visibilityExpressionEditor.Enabled = false; visibilityExpressionEditor.Value = _visibilityWrapper.Hidden = ExpressionInfo.FromString(Boolean.TrueString); } }
public override void Deserialize(IntermediateFormatReader reader) { base.Deserialize(reader); reader.RegisterDeclaration(ChartLegendCustomItem.m_Declaration); while (reader.NextMember()) { switch (reader.CurrentMember.MemberName) { case MemberName.Name: this.m_name = reader.ReadString(); break; case MemberName.ExprHostID: this.m_exprHostID = reader.ReadInt32(); break; case MemberName.Action: this.m_action = (Action)reader.ReadRIFObject(); break; case MemberName.Marker: this.m_marker = (ChartMarker)reader.ReadRIFObject(); break; case MemberName.Separator: this.m_separator = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.SeparatorColor: this.m_separatorColor = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.ToolTip: this.m_toolTip = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.ChartLegendCustomItemCells: this.m_chartLegendCustomItemCells = reader.ReadGenericListOfRIFObjects <ChartLegendCustomItemCell>(); break; case MemberName.ID: this.m_id = reader.ReadInt32(); break; default: Global.Tracer.Assert(false); break; } } }
public override void Deserialize(IntermediateFormatReader reader) { base.Deserialize(reader); reader.RegisterDeclaration(m_Declaration); while (reader.NextMember()) { switch (reader.CurrentMember.MemberName) { case MemberName.Name: m_name = reader.ReadString(); break; case MemberName.Layout: m_layout = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.MapLegendTitle: m_mapLegendTitle = (MapLegendTitle)reader.ReadRIFObject(); break; case MemberName.AutoFitTextDisabled: m_autoFitTextDisabled = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.MinFontSize: m_minFontSize = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.InterlacedRows: m_interlacedRows = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.InterlacedRowsColor: m_interlacedRowsColor = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.EquallySpacedItems: m_equallySpacedItems = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.TextWrapThreshold: m_textWrapThreshold = (ExpressionInfo)reader.ReadRIFObject(); break; default: Global.Tracer.Assert(condition: false); break; } } }
/// <summary> /// Evaluates the specified expression if possible and returns its value as a length. /// </summary> /// <param name="expression">The expression to evaluate.</param> /// <param name="defaultLength">The default length to use when the conversion fails or nothing to convert</param> internal Length EvaluateLengthExpression(ExpressionInfo expression, Length defaultLength) { Length length = defaultLength; if (expression != null && expression.IsConstant) { Length lineWidthValue = EvaluatorService.EvaluateStringExpression(expression); if (lineWidthValue.IsValid) { length = lineWidthValue; } } return(length); }
static Rdl() { var schema = new Scope(Ns.Rdl2005) .Type(s => Length.Parse(s), x => x.IsValid ? x.ToString() : "") .Type(s => ExpressionInfo.Parse(s), x => x.ToString()) .Enum(DataElementOutput.Auto); var rdl = new[] { Ns.Rdl2005, Ns.Rdl2003, Ns.Rdl2008, Ns.Rdl2010 }; schema.Element <Report>() .Attributes() .Add(x => x.Name) .End() .Elements(rdl) .Add(x => x.Width) .Add(x => x.Body) .End() .Use(rdl); schema.Element <Body>() .Elements(rdl) .Add(x => x.Height) .Add(x => x.ReportItems) .End() .Use(rdl); var item = schema.Element <ReportItem>() .Attributes() .Add(x => x.Name) .End() .Elements(rdl) .Add(x => x.DataElementName) .Add(x => x.DataElementOutput) .End(); item.Sub <TextBox>() .Elements(rdl) .Add(x => x.Value) .End() .Use(rdl); item.Sub <Rectangle>() .Elements(rdl) .Add(x => x.ReportItems) .End() .Use(rdl); Schema = schema; }
public void Deserialize(IntermediateFormatReader reader) { reader.RegisterDeclaration(IndicatorState.m_Declaration); while (reader.NextMember()) { switch (reader.CurrentMember.MemberName) { case MemberName.GaugePanel: this.m_gaugePanel = reader.ReadReference <GaugePanel>(this); break; case MemberName.Name: this.m_name = reader.ReadString(); break; case MemberName.StartValue: this.m_startValue = (GaugeInputValue)reader.ReadRIFObject(); break; case MemberName.EndValue: this.m_endValue = (GaugeInputValue)reader.ReadRIFObject(); break; case MemberName.Color: this.m_color = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.ScaleFactor: this.m_scaleFactor = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.IndicatorStyle: this.m_indicatorStyle = (ExpressionInfo)reader.ReadRIFObject(); break; case MemberName.IndicatorImage: this.m_indicatorImage = (IndicatorImage)reader.ReadRIFObject(); break; case MemberName.ExprHostID: this.m_exprHostID = reader.ReadInt32(); break; default: Global.Tracer.Assert(false); break; } } }
private void BuildLayout(ExpressionInfo controllerExpressionInfo) { var def = new AvatarDefinition(controllerExpressionInfo.AvatarDescriptor); IEnumerable <VrcParameterDefinition> parameters = def.Children.OfType <VrcParameterDefinition>(); foreach (VrcParameterDefinition parameterDefinition in parameters) { string parameter = parameterDefinition.Name; VisualElement row = _dataRow.InstantiateTemplate(_parameterList.contentContainer); row.Q("parameter").Add(ObjectHolder.CreateHolder(parameterDefinition, this)); foreach (AnimatorLayerDefinition l in GetLayers(def, parameter)) { if (!l.TryGetFirstParent(out AnimatorDefinition _)) { continue; } row.Q("layer").Add(ObjectHolder.CreateHolder(l, this)); } foreach (MotionDefinition m in GetMotions(def, parameter)) { if (m.Motion == null) { continue; } row.Q("misc").Add(ObjectHolder.CreateHolder(m, this)); } foreach (VrcParameterDriverDefinition d in GetDrivers(def, parameter)) { row.Q("misc").Add(ObjectHolder.CreateHolder(d, this)); } foreach (MenuControlDefinition m in GetMenuControls(def, parameter)) { if (!m.TryGetFirstParent(out MenuDefinition _)) { continue; } row.Q("menu").Add(ObjectHolder.CreateHolder(m, this)); } } }
public void Can_compile_lambda_with_property() { var thisType = GetType().GetTypeInfo(); var funcExpr = ExpressionInfo.Lambda( ExpressionInfo.Property(thisType.GetProperty(nameof(PropX)))); var func = ExpressionCompiler.TryCompile <Func <X> >(funcExpr); Assert.IsNotNull(func); var x = func(); Assert.IsInstanceOf <X>(x); }
internal ExpressionInfo[] GetForeignKeyExpressions() { int joinConditionCount = JoinConditionCount; if (joinConditionCount == 0) { return(null); } ExpressionInfo[] array = new ExpressionInfo[joinConditionCount]; for (int i = 0; i < joinConditionCount; i++) { array[i] = m_joinConditions[i].ForeignKeyExpression; } return(array); }
public void Can_compile_lambda_without_coverting_to_expression() { var funcExpr = ExpressionInfo.Lambda( ExpressionInfo.New(typeof(X).GetTypeInfo().GetConstructors()[0], ExpressionInfo.New(typeof(Y).GetTypeInfo().GetConstructors()[0]))); var func = ExpressionCompiler.TryCompile <Func <X> >(funcExpr); Assert.IsNotNull(func); var x = func(); Assert.IsInstanceOf <X>(x); }
void IBotSubmitTask.RegisterTask(TaskTemplateType type, SerializedTask serializedTask) { m_state.TaskTemplates[type] = new TaskInfoPool(() => { TaskInfo coreTaskInfo = SerializedTask.ToTaskInfo(serializedTask); return(TaskInfo.Procedure ( null, null, coreTaskInfo, TaskInfo.Return(ExpressionInfo.TaskStatus(coreTaskInfo)) )); }); }
public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object value, Extraction.Entities.Location location) { var info = new ExpressionInfo( cx, AnnotatedTypeSymbol.CreateNotAnnotated(type), location, GetExprKind(type, null, cx), parent, childIndex, true, ValueAsString(value)); return(new Expression(info)); }
private ExpressionInfo GetInfo(Expression node) { ExpressionInfo info; if (this.nodes.TryGetValue(node, out info)) { return(info); } else { info = new ExpressionInfo(node); this.nodes[node] = info; return(info); } }
public void ExpreessionInfoCloneTest2() { ExpressionInfo canRun = ExpressionInfo.Eq( ExpressionInfo.PrimitiveVal(CmdResultCode.Success), ExpressionInfo.Val(new TaskInputInfo())); Assert.DoesNotThrow(() => { TaskInfo task = new TaskInfo { Expression = canRun }; byte[] b = m_protobufSerializer.Serialize(SerializedTask.FromTaskInfo(task)); SerializedTask.ToTaskInfo(m_protobufSerializer.Deserialize <SerializedTask>(b)); }); }
public void Nested_Func_using_outer_parameter() { // The same hoisted expression: //Expression<Func<string, string>> expr = a => GetS(() => a); var aParam = Expression.Parameter(typeof(string), "a"); var expr = ExpressionInfo.Lambda( ExpressionInfo.Call(GetType().GetTypeInfo().DeclaredMethods.First(m => m.Name == nameof(GetS)), ExpressionInfo.Lambda(aParam)), aParam); var f = ExpressionCompiler.TryCompile <Func <string, string> >(expr); Assert.AreEqual("a", f("a")); }
/// <summary> /// Method to analyze a PHP method call with the class name included /// </summary> /// <param name="methodCall">The method call to analyze</param> /// <param name="argInfos">The argument infos to include in the analysis</param> /// <returns>The common TaintSets found</returns> public ExpressionInfo AnalyzeMethodCall(MethodCall methodCall, IList <ExpressionInfo> argInfos) { //In most cases there should be either 0 or 1 classes, but situations where functions are specified several places can happen. //Therefore, we support it and select the worst case. var exprInfo = new ExpressionInfo(); //Try to find all the possible method calls, and create the worst case scenario of taints. foreach (string className in methodCall.ClassNames) { IList <Function> funclist = _funcHandler.LookupFunction(methodCall.CreateFullMethodName(className)); exprInfo = exprInfo.Merge(CreateCommonTaintSets(funclist, argInfos)); } return(exprInfo); }
public ExpressionInfo AnalyzeFunctionCall(XmlNode node, ExpressionInfo exprInfo, IVariableStorage varStorage, IVulnerabilityStorage vulnStorage, IDictionary<uint, ExpressionInfo> argumentInfos, AnalysisStacks analysisStacks) { var funcCall = new FunctionCallExtractor().ExtractFunctionCall(node); if (_getOptionsFunctions.Contains(funcCall.Name) || _addOptionFunctions.Contains(funcCall.Name) || _updateOptionFunctions.Contains(funcCall.Name)) { return HandleOptionsCall(funcCall, node, exprInfo, varStorage, vulnStorage, argumentInfos, analysisStacks); } else if (_hookFunctions.Contains(funcCall.Name)) { return HandleHookCall(node, exprInfo, varStorage, analysisStacks); } return exprInfo; }
public void Update( ExpressionInfo expressionInfo, string expressionTokenText) { if (ExpressionParserHelper.IsPropertyToken(expressionInfo.ParameterSyntax, expressionTokenText)) { SetPropertyExpression(expressionInfo, expressionTokenText); return; } if (OperationExpression != null) { var constantValue = expressionTokenText; if (PropertyInfo.PropertyType == typeof(string)) { constantValue = constantValue.Replace("'", null); } var comparisonConstantValue = TypeDescriptor .GetConverter(PropertyInfo.PropertyType) .ConvertFromString(constantValue); Expression = OperationExpression(PropertyExpression, Expression.Constant(comparisonConstantValue)); return; } if (ExpressionParserHelper.GetOperatorFunc(expressionTokenText) != null) { OperationExpression = ExpressionParserHelper.GetOperatorFunc(expressionTokenText); } }
private ExpressionInfo Node_New(XmlNode node) { //ExpressionInfo info = Analyze(node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Class)); string className = ""; var classNode = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Class); XmlNode nameNode = null; bool success = classNode.TryGetSubNode(AstConstants.Node + ":" + AstConstants.Nodes.Name, out nameNode); if (success) { className = nameNode.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Parts).InnerText; } //TODO: extract class names from vars. (Requires var tracking) //TODO: Analyze constructor here var exprInfo = new ExpressionInfo(); if (className != "") { exprInfo.ValueInfo.Type = className; exprInfo.ValueInfo.ClassNames.Add(className); } return exprInfo; }
private ExpressionInfo Node_MethodCall(XmlNode node) { var functionCallExtractor = new FunctionCallExtractor(); var methodCall = functionCallExtractor.ExtractMethodCall(node, this._variableStorage, this._analysisScope); bool isAlreadyInStack = _analysisStacks.CallStack.Any(x => x.Name == methodCall.Name); _analysisStacks.CallStack.Push(methodCall); var argInfos = new List<ExpressionInfo>(); //Actually analyze the arguments for (uint index = 1; index <= methodCall.Arguments.Count; index++) { var item = methodCall.Arguments.FirstOrDefault(x => x.Key == index); var exprInfo = this.Analyze(item.Value); if (_varResolver.IsResolvableNode(item.Value)) { var @var = _varResolver.ResolveVariable(item.Value); exprInfo.ValueInfo = @var.Variable.Info; } argInfos.Add(exprInfo); } if (methodCall.Name == "") { var exprInfo = new ExpressionInfo(); _analysisStacks.CallStack.Pop(); return argInfos.Aggregate(exprInfo, (current, info) => current.Merge(info)); } var customFunctionHandler = new CustomFunctionHandler(this._analyzer, _subroutineAnalyzerFactory); customFunctionHandler.AnalysisExtensions.AddRange(this.AnalysisExtensions); var functionMethodAnalyzer = _subroutineAnalyzerFactory.Create(ImmutableVariableStorage.CreateFromMutable(_variableStorage), _inclusionResolver, _analysisStacks, customFunctionHandler, _vulnerabilityStorage); var methodCallTaintSet = new ExpressionInfo(); if(!isAlreadyInStack) { methodCallTaintSet = functionMethodAnalyzer.AnalyzeMethodCall(methodCall, argInfos); } FunctionsHandler fh = FunctionsHandler.Instance; var resultTaintSet = new ExpressionInfo(); foreach (var className in methodCall.ClassNames.Distinct()) { var tempResultTaintSet = methodCallTaintSet.AssignmentClone(); var sqlSaniFunc = fh.FindSQLSanitizerByName(methodCall.CreateFullMethodName(className)); var sqlSinkFunc = fh.FindSQLSinkByName(methodCall.CreateFullMethodName(className)); var xssSaniFunc = fh.FindXSSSanitizerByName(methodCall.CreateFullMethodName(className)); var xssSinkFunc = fh.FindXSSSinkByName(methodCall.CreateFullMethodName(className)); if (sqlSaniFunc != null && sqlSaniFunc.DefaultStatus == SQLITaint.None) { resultTaintSet.ExpressionTaint.SqliTaint.Clear(); } if (xssSaniFunc != null && xssSaniFunc.DefaultStatus == XSSTaint.None) { resultTaintSet.ExpressionTaint.XssTaint.Clear(); } if (sqlSinkFunc != null || xssSinkFunc != null) { if (sqlSinkFunc != null) { var vulnerableSqlParams = sqlSinkFunc.Parameters.Where(x => x.Value.IsSensitive) .ToDictionary(pair => pair.Key); var parameters = methodCall.Arguments.Where(x => vulnerableSqlParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var parameter in parameters) { //var argInfo = Analyze(parameter.Value); var argInfo = argInfos.ElementAt((int)(parameter.Key - 1)); CheckForSQLVulnerabilities(argInfo, parameter.Value); } if (sqlSinkFunc.ReturnType == "object" || sqlSinkFunc.ReturnType == "mix") { resultTaintSet.ValueInfo.ClassNames.AddRange(sqlSinkFunc.Classnames); } } if (xssSinkFunc != null) { var vulnerableXssParams = xssSinkFunc.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key); var param = methodCall.Arguments.Where(x => vulnerableXssParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var parameter in param) { var argInfo = argInfos.ElementAt((int)(parameter.Key - 1)); CheckForXssVulnerabilities(argInfo, parameter.Value); } } // Assuming sinks does not return taint. resultTaintSet.ExpressionTaint.ClearTaint(); resultTaintSet.ExpressionStoredTaint.Taint.ClearTaint(); } tempResultTaintSet = StoredMethodHandler(tempResultTaintSet, node); resultTaintSet = resultTaintSet.Merge(tempResultTaintSet); var methodNameWithClass = methodCall.CreateFullMethodName(className); bool isStoredProvider = FunctionsHandler.Instance.FindStoredProviderMethods(methodNameWithClass).Any(); if (isStoredProvider) { resultTaintSet.ExpressionStoredTaint = resultTaintSet.ExpressionStoredTaint.Merge(methodCall.Var.Info.PossibleStoredTaint); //TODO: The following is not true in all cases. // What cases? var cloned = resultTaintSet.ExpressionStoredTaint.Taint.DeepClone(); resultTaintSet.ValueInfo.NestedVariablePossibleStoredDefaultTaintFactory = () => cloned; } } _analysisStacks.CallStack.Pop(); return resultTaintSet; }
private ExpressionInfo Node_FuncCall(XmlNode node) { var functionCallExtractor = new FunctionCallExtractor(); var functionCall = functionCallExtractor.ExtractFunctionCall(node); bool isAlreadyInStack = _analysisStacks.CallStack.Any(x => x.Name == functionCall.Name); _analysisStacks.CallStack.Push(functionCall); var argInfos = new List<ExpressionInfo>(); //Actually extract the arguments for (uint index = 1; index <= functionCall.Arguments.Count; index++) { var item = functionCall.Arguments.FirstOrDefault(x => x.Key == index); var exprInfo = this.Analyze(item.Value); if (_varResolver.IsResolvableNode(item.Value)) { var variableResolveResult = _varResolver.ResolveVariable(item.Value); exprInfo.ValueInfo = variableResolveResult.Variable.Info; } argInfos.Add(exprInfo); } if (functionCall.Name == "") { var expr_info = new ExpressionInfo(); _analysisStacks.CallStack.Pop(); return argInfos.Aggregate(expr_info, (current, info) => current.Merge(info)); } var customFunctionHandler = new CustomFunctionHandler(this._analyzer, _subroutineAnalyzerFactory); customFunctionHandler.AnalysisExtensions.AddRange(this.AnalysisExtensions); var immutableVariableStorage = ImmutableVariableStorage.CreateFromMutable(_variableStorage); var functionMethodAnalyzer = this._subroutineAnalyzerFactory.Create(immutableVariableStorage, _inclusionResolver, _analysisStacks, customFunctionHandler, _vulnerabilityStorage); var resultTaintSet = new ExpressionInfo(); if (!isAlreadyInStack) { resultTaintSet = functionMethodAnalyzer.AnalyzeFunctionCall(functionCall, argInfos); } FunctionsHandler fh = FunctionsHandler.Instance; var sqlSaniFunc = fh.FindSQLSanitizerByName(functionCall.Name); var sqlSinkFunc = fh.FindSQLSinkByName(functionCall.Name); var xssSaniFunc = fh.FindXSSSanitizerByName(functionCall.Name); var xssSinkFunc = fh.FindXSSSinkByName(functionCall.Name); if(sqlSaniFunc != null && sqlSaniFunc.DefaultStatus == SQLITaint.None) { resultTaintSet.ExpressionTaint.SqliTaint.Clear(); resultTaintSet.ValueInfo.Taints.SqliTaint.Clear(); resultTaintSet.ExpressionStoredTaint.Taint.SqliTaint.Clear(); } if (xssSaniFunc != null && xssSaniFunc.DefaultStatus == XSSTaint.None) { resultTaintSet.ExpressionTaint.XssTaint.Clear(); resultTaintSet.ValueInfo.Taints.XssTaint.Clear(); resultTaintSet.ExpressionStoredTaint.Taint.XssTaint.Clear(); } if (sqlSinkFunc != null) { var vulnerableSqlParams = sqlSinkFunc.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key); var param = functionCall.Arguments.Where(x => vulnerableSqlParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var parameter in param) { var argInfo = argInfos.ElementAt((int) (parameter.Key - 1)); CheckForSQLVulnerabilities(argInfo, parameter.Value); } } if (xssSinkFunc != null) { var vulnerableXssParams = xssSinkFunc.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key); var param = functionCall.Arguments.Where(x => vulnerableXssParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var parameter in param) { var argInfo = argInfos.ElementAt((int)(parameter.Key - 1)); CheckForXssVulnerabilities(argInfo, parameter.Value); } } resultTaintSet = StoredFuncHandler(resultTaintSet, node, argInfos); var argumentInfoWithIndex = argInfos.Select((a, i) => new { Info = a, Index = (uint)i + 1 }) .ToDictionary(a => a.Index, a => a.Info); resultTaintSet = ApplyAnalysisExtensionsToFuncCall(node, resultTaintSet, argumentInfoWithIndex); _analysisStacks.CallStack.Pop(); return resultTaintSet; }
private ExpressionInfo Expr_AssignOp_Concat(XmlNode node) { var rhsExpr = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Expr); var rhsTaint = Analyze(rhsExpr); var lhsExpr = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Var); var lhsVariable = _varResolver.ResolveVariable(lhsExpr.FirstChild).Variable; lhsVariable.Info.Taints = lhsVariable.Info.Taints.Merge(rhsTaint.ExpressionTaint); var result = new ExpressionInfo() { ExpressionTaint = lhsVariable.Info.Taints }; if (lhsVariable.Info.Value != null && rhsTaint.ValueInfo.Value != null) { lhsVariable.Info.Value = lhsVariable.Info.Value + rhsTaint.ValueInfo.Value; } return result; }
/// <summary> /// Calls AnalyzeFuncCall on all external components. This was created because we currently do not call Analyze on "Node:Arg", /// which is needed to let the components find the arguments themselves. /// TODO: Handle Node:Arg in the analysis explicitly, to allow this. /// </summary> private ExpressionInfo ApplyAnalysisExtensionsToFuncCall(XmlNode node, ExpressionInfo currentInfo, IDictionary<uint, ExpressionInfo> argInfos) { foreach (var analysisExtension in AnalysisExtensions) { analysisExtension.FunctionMethodAnalyzerFactory = storage => { var customFunctionHandler = new CustomFunctionHandler(this._analyzer, _subroutineAnalyzerFactory); customFunctionHandler.AnalysisExtensions.AddRange(this.AnalysisExtensions); var varStorage = ImmutableVariableStorage.CreateFromMutable(storage); return _subroutineAnalyzerFactory.Create(varStorage, _inclusionResolver, _analysisStacks, customFunctionHandler, _vulnerabilityStorage); }; currentInfo = analysisExtension.AnalyzeFunctionCall(node, currentInfo, _variableStorage, _vulnerabilityStorage, argInfos, this._analysisStacks); } return currentInfo; }
private ExpressionInfo StoredMethodHandler(ExpressionInfo exprInfo, XmlNode node) { var functionCallExtractor = new FunctionCallExtractor(); var methodCall = functionCallExtractor.ExtractMethodCall(node, this._variableStorage, this._analysisScope); var fh = FunctionsHandler.Instance; foreach (var className in methodCall.ClassNames.Distinct()) { var sqlSinkFunc = fh.FindSQLSinkByName(methodCall.CreateFullMethodName(className)); if (sqlSinkFunc == null) { continue; } var vulnerableSqlParams = sqlSinkFunc.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key); var param = methodCall.Arguments.Where(x => vulnerableSqlParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var parameter in param) { ExpressionInfo customParameterAnalysis = Analyze(parameter.Value); if (customParameterAnalysis.ValueInfo.Value == null) continue; if (StringAnalysis.IsSQLInsertionStmt(customParameterAnalysis.ValueInfo.Value)) { customParameterAnalysis.ExpressionStoredTaint = new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(customParameterAnalysis.ValueInfo.Value), AstNode.GetStartLine(node)) { Taint = customParameterAnalysis.ExpressionTaint, ICantFeelIt = IsItInYet.YesItsGoingIn }; InsertIntoStoredLocation(customParameterAnalysis, node); customParameterAnalysis = new ExpressionInfo(); } else if (StringAnalysis.IsSQLRetrieveStmt(customParameterAnalysis.ValueInfo.Value)) { customParameterAnalysis.ExpressionStoredTaint = new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(customParameterAnalysis.ValueInfo.Value), AstNode.GetStartLine(node)) { Taint = new DefaultTaintProvider().GetTaintedTaintSet(), ICantFeelIt = IsItInYet.NoImPullingOut }; exprInfo.ValueInfo.NestedVariablePossibleStoredDefaultTaintFactory = () => new DefaultTaintProvider().GetTaintedTaintSet(); } exprInfo.ExpressionStoredTaint = exprInfo.ExpressionStoredTaint.Merge(customParameterAnalysis.ExpressionStoredTaint); } } return exprInfo; }
protected virtual string GetExpressionName(ExpressionInfo ei) { if (ei.Property.Name == "Parent") return "Children"; if(ei.IsUnique) return Reflector.CleanTypeName(ei.ToType); return NaturalLanguageTools.Pluralize(Reflector.CleanTypeName(ei.ToType).SpacePascal()).ToPascal(); }
public TokenInfo(Token identifier, ExpressionInfo info) { Identifier = identifier; Info = info; }
private void ScanVariables(BackgroundWorker worker, string objectPath, string objectName, string containerID, Variables variables) { if (worker.CancellationPending) { return; } foreach (Variable variable in variables) { try { if (!variable.EvaluateAsExpression) { continue; } // Check path to ensure variable is parented by current scope // only, not by child containers that inherit the variable if (!variable.GetPackagePath().StartsWith(objectPath + ".Variables[")) { continue; } ExpressionInfo info = new ExpressionInfo(); info.ContainerID = containerID; info.ObjectID = variable.ID; info.ObjectName = objectName; info.Type = typeof(Variable); info.ObjectPath = objectPath + ".Variables[" + variable.QualifiedName + "]"; info.ObjectType = variable.GetType().Name; info.PropertyName = variable.QualifiedName; info.Expression = variable.Expression; info.HasExpression = variable.EvaluateAsExpression; info.Icon = BIDSHelper.Resources.Versioned.Variable; worker.ReportProgress(0, info); } catch { } } }
private void ScanProperties(BackgroundWorker worker, string objectPath, Type objectType, string objectTypeName, string containerID, string objectID, string objectName, IDTSPropertiesProvider provider, string containerKey) { if (worker.CancellationPending) { return; } foreach (DtsProperty property in provider.Properties) { try { string expression = provider.GetExpression(property.Name); if (expression == null) { continue; } System.Diagnostics.Debug.Assert(PackageHelper.ControlFlowInfos.ContainsKey(containerKey)); ExpressionInfo info = new ExpressionInfo(); info.ContainerID = containerID; info.ObjectID = objectID; info.Type = objectType; info.ObjectName = objectName; if (property.Name.StartsWith("[")) { info.ObjectPath = objectPath + ".Properties" + property.Name + ""; } else { info.ObjectPath = objectPath + ".Properties[" + property.Name + "]"; } info.ObjectType = objectTypeName; info.PropertyName = property.Name; info.Expression = expression; info.HasExpression = (info.Expression != null); info.Icon = PackageHelper.ControlFlowInfos[containerKey].Icon; worker.ReportProgress(0, info); } catch { } } }
private void ScanPrecedenceConstraints(BackgroundWorker worker, string objectPath, string containerID, PrecedenceConstraints constraints) { if (worker.CancellationPending) { return; } foreach (PrecedenceConstraint constraint in constraints) { if (constraint.EvalOp == DTSPrecedenceEvalOp.Constraint) { continue; } if (string.IsNullOrEmpty(constraint.Expression)) { continue; } ExpressionInfo info = new ExpressionInfo(); info.ContainerID = containerID; info.ObjectID = constraint.ID; info.ObjectName = ((DtsContainer)constraint.PrecedenceExecutable).Name; info.ObjectPath = objectPath + ".PrecedenceConstraints[" + constraint.Name + "]"; info.Type = typeof(PrecedenceConstraint); info.ObjectType = constraint.GetType().Name; info.PropertyName = constraint.Name; info.Expression = constraint.Expression; info.HasExpression = true; info.Icon = BIDSHelper.Resources.Common.Path; worker.ReportProgress(0, info); } }
private ExpressionInfo Scalar_Encapsed(XmlNode node) { var partsArray = node.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Parts) .GetSubNode(AstConstants.Scalar + ":" + AstConstants.Scalars.Array); var encapsedParts = partsArray.GetSubNodesByPrefixes(AstConstants.Node, AstConstants.Scalar); var result = new ExpressionInfo(); foreach (var partResult in encapsedParts.Select(Analyze)) { result.ExpressionTaint = result.ExpressionTaint.Merge(partResult.ExpressionTaint); result.ValueInfo.Value = result.ValueInfo.Value + partResult.ValueInfo.Value; } return result; }
private ExpressionInfo StoredFuncHandler(ExpressionInfo exprInfo, XmlNode node, List<ExpressionInfo> argInfos) { var resultExpr = new ExpressionInfo(); var functionCallExtractor = new FunctionCallExtractor(); var functionCall = functionCallExtractor.ExtractFunctionCall(node); var fh = FunctionsHandler.Instance; var sqlSinkFunc = fh.FindSQLSinkByName(functionCall.Name); if (sqlSinkFunc != null) { var vulnerableSqlParams = sqlSinkFunc.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key); var param = functionCall.Arguments.Where(x => vulnerableSqlParams.Keys.Any(z => z.Item1 == x.Key)); foreach (var arg in argInfos) { exprInfo = arg; if (exprInfo.ValueInfo.Value == null) { continue; } if (StringAnalysis.IsSQLInsertionStmt(exprInfo.ValueInfo.Value)) { exprInfo.ExpressionStoredTaint = new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(exprInfo.ValueInfo.Value), AstNode.GetStartLine(node)) { Taint = exprInfo.ExpressionTaint, ICantFeelIt = IsItInYet.YesItsGoingIn }; InsertIntoStoredLocation(exprInfo, node); exprInfo = new ExpressionInfo(); } else if(StringAnalysis.IsSQLRetrieveStmt(exprInfo.ValueInfo.Value)) { exprInfo.ExpressionStoredTaint = new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(exprInfo.ValueInfo.Value), AstNode.GetStartLine(node)) { Taint = new DefaultTaintProvider().GetTaintedTaintSet(), ICantFeelIt = IsItInYet.NoImPullingOut }; resultExpr.ValueInfo.NestedVariablePossibleStoredDefaultTaintFactory = () => new DefaultTaintProvider().GetTaintedTaintSet(); } resultExpr.ExpressionStoredTaint = resultExpr.ExpressionStoredTaint.Merge(exprInfo.ExpressionStoredTaint); } } else { return exprInfo; } return resultExpr; }
protected virtual string GetRegisterExpression(ExpressionInfo ei) { return "dqm.RegisterExpression(({from} {f}) => {f}.{name}(), () => typeof({to}).{NiceName}());" .Replace("{from}", ei.FromType.Name) .Replace("{to}", ei.ToType.Name) .Replace("{f}", GetVariableName(ei.FromType)) .Replace("{name}", ei.Name) .Replace("{NiceName}", ei.IsUnique ? "NiceName" : "NicePluralName"); }
private ExpressionInfo Subnode_Exprs(XmlNode node) { var arraynode = node.GetSubNode(AstConstants.Scalar + ":" + AstConstants.Scalars.Array); var subnodes = arraynode.GetSubNodesByPrefix(AstConstants.Node); var results = new ExpressionInfo(); var temptaintsets = subnodes.Select(Analyze).ToList(); return temptaintsets.Aggregate(results, (current, exprTaint) => current.Merge(exprTaint)); }
/// <summary> /// Attempts to add a list of expressions to this instance and invalidates the graph window. /// </summary> /// <param name="expressions">The list of expressions to add to this instance.</param> /// <returns><para> /// The list of expressions that was provided in <paramref name="expressions"/> paired with any exceptions that /// might have occurred while attempting to parse it. If no exception occurred while processing an expression, /// then that expression is added to this instance. It is then added to the returned dictionary, and its value /// is set to <c>null</c>. If, however, an exception occurred while processing an expression, that expression /// is added to the dictionary, and the exception that occurred is set to its value. It is not added to this /// instance. /// </para><para> /// Because of the way the returned dictionary is filled, the number of expressions in the dictionary will be /// equal to the number of expressions that was provided in <paramref name="expressions"/>. See the examples /// for clarification. /// </para><para> /// The graph window is invalidated during this method's runtime, and all added and enabled expressions will be /// recalculated. Additionally, all plotted points (e.g. the value point, see <see cref="ShowLineValue"/>) /// are cleared. /// </para></returns> /// <example> /// The following demonstrates adding two valid and two invalid expressions to a Graph. /// <code> /// var errors = graph.PutExpressions( /// new[] /// { /// new UncompiledStandardExpression(0, ExpressionType.Linear, "x^2"), /// new UncompiledStandardExpression(0, ExpressionType.Linear, "5x+2"), /// new UncompiledStandardExpression(0, ExpressionType.Linear, "9sin(5x))"), // Extra parenthese /// new UncompiledStandardExpression(0, ExpressionType.Linear, "5e^{4-sin(x))") // Curly brace /// }); /// /// foreach (var pair in errors) /// { /// Console.WriteLine("Expression: '{0}', Exception: '{1}'", pair.Key, pair.Value); /// } /// /// /* Output: /// * Expression: 'x^2', Exception: 'null' /// * Expression: '5x+2', Exception: 'null' /// * Expression: '9sin(5x))', Exception: 'Malformed infix detected.' /// * Expression: '5e^{4-sin(x))', Exception: 'Malformed infix detected.' /// */ /// </code> /// </example> public Dictionary<UncompiledExpression, Exception> PutExpressions(IEnumerable<UncompiledExpression> expressions) { var errors = new Dictionary<UncompiledExpression, Exception>(); foreach (UncompiledExpression expr in expressions) { bool isEmpty; if (expr.Type == ExpressionType.Parametric) { var paraExpr = (UncompiledParametricExpression)expr; isEmpty = string.IsNullOrWhiteSpace(paraExpr.XExpression) || string.IsNullOrWhiteSpace(paraExpr.YExpression); } else { var stdExpr = (UncompiledStandardExpression)expr; isEmpty = string.IsNullOrWhiteSpace(stdExpr.Expression); } if (!isEmpty) { ExpressionInfo existingExpr; if (_expressions.TryGetValue(expr.Slot, out existingExpr) && existingExpr.OriginalUncompiled.Equals(expr)) { // Don't compile an expression that hasn't been // changed, but check to see if the domains are different if (!existingExpr.Expression.Domain.OriginalUncompiled.SequenceEqual(expr.Domain)) { existingExpr.Expression.Domain = DomainCompiler.CompileDomain(Calculator, expr.Domain); } existingExpr.Expression.Color = expr.Color; continue; } ExpressionInfo info; try { CompiledDomain domain = null; if (expr.Domain.Count > 0) { domain = DomainCompiler.CompileDomain(Calculator, expr.Domain); } info = new ExpressionInfo(expr, domain) { Expression = { Color = expr.Color } }; } catch (Exception ex) { errors.Add(expr, ex); continue; } _expressions[expr.Slot] = info; } else { _expressions.Remove(expr.Slot); } errors.Add(expr, null); } _recalcLines = true; ClearPoints(); Invalidate(); return errors; }
private void CheckForXssVulnerabilities(ExpressionInfo expressionInfo, XmlNode node) { foreach (var vuln in expressionInfo.ExpressionTaint.XssTaint.Where(taint => taint.TaintTag != XSSTaint.None)) { string varName = (vuln.InitialTaintedVariable ?? "???"); string message = "XSS vulnerability found on variable: " + varName + " on line: " + AstNode.GetStartLine(node) + " in file: " + _analysisStacks.IncludeStack.Peek(); _vulnerabilityStorage.AddVulnerability(new VulnerabilityInfo() { Message = message, IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(), CallStack = _analysisStacks.CallStack.ToImmutableStack() }); } if (expressionInfo.ValueInfo.PossibleStoredTaint == null) { return; } var xssTaintSets = expressionInfo.ValueInfo.PossibleStoredTaint.Taint.XssTaint; foreach (var possibleVuln in xssTaintSets.Where(taint => taint.TaintTag != XSSTaint.None)) { string varName = possibleVuln.InitialTaintedVariable ?? "???"; var vulnMessage = "Tainted outgoing reaches sensitive sink: {0} on line: {1} in file: {2}"; string message = string.Format(vulnMessage, varName, AstNode.GetStartLine(node), _analysisStacks.IncludeStack.Peek()); var vulnInfo = new StoredVulnerabilityInfo() { Message = message, PossibleStoredVuln = expressionInfo.ValueInfo.PossibleStoredTaint, IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(), CallStack = _analysisStacks.CallStack.ToImmutableStack(), VulnerabilityType = VulnType.XSS }; _vulnerabilityStorage.AddPossibleStoredVulnerability(vulnInfo); } }
//========================================================================= Helper functions private List<ExpressionInfo> GetExpressionInfoListFromGui() { var expInfoList = new List<ExpressionInfo>(); if (this.ExpressionListView == null) return expInfoList; var index = 0; foreach (var dataItem in this.ExpressionListView.Items) { var expInfo = new ExpressionInfo { Id = index++ }; var ddField = GetFieldNameControl(dataItem); var ddRelOp = GetRelOpControl(dataItem); var tbExp = GetExpressionControl(dataItem); var ddChainOp = GetChainOpControl(dataItem); if (ddField != null) expInfo.FieldName = ddField.SelectedValue; if (ddRelOp != null) expInfo.RelationalOperator = (Operator)Convert.ToInt32(ddRelOp.SelectedValue); if (tbExp != null) expInfo.Expression = tbExp.Text; if (ddChainOp != null) expInfo.LogicalOperator = (LogicalOperator)Convert.ToInt32(ddChainOp.SelectedValue); expInfoList.Add(expInfo); } return expInfoList; }
private void InsertIntoStoredLocation(ExpressionInfo expressionInfo, XmlNode node) { if (expressionInfo.ExpressionStoredTaint != null) { if (expressionInfo.ExpressionStoredTaint.ICantFeelIt != IsItInYet.YesItsGoingIn) { throw new NotSupportedException("Trying to insert a Stored taint into vulnerabilityStorage, " + "but is not tagged with in-going store taint"); } // SQLI foreach (var possibleVuln in expressionInfo.ExpressionStoredTaint.Taint.SqliTaint) { if (possibleVuln.TaintTag != SQLITaint.None) { string varName = (possibleVuln.InitialTaintedVariable ?? "???"); string message = "Stored SQLI found - Ingoing: " + varName + " on line: " + AstNode.GetStartLine(node) + " in file: " + _analysisStacks.IncludeStack.Peek(); _vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo() { Message = message, PossibleStoredVuln = expressionInfo.ExpressionStoredTaint, IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(), CallStack = _analysisStacks.CallStack.ToImmutableStack(), VulnerabilityType = VulnType.SQL }); } } // XSS foreach (var possibleVuln in expressionInfo.ExpressionStoredTaint.Taint.XssTaint) { if (possibleVuln.TaintTag != XSSTaint.None) { string varName = (possibleVuln.InitialTaintedVariable ?? "???"); string message = "Stored XSS found - Ingoing: " + varName + " on line: " + AstNode.GetStartLine(node) + " in file: " + _analysisStacks.IncludeStack.Peek(); _vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo() { Message = message, PossibleStoredVuln = expressionInfo.ExpressionStoredTaint, IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(), CallStack = _analysisStacks.CallStack.ToImmutableStack(), VulnerabilityType = VulnType.XSS }); } } } }
private ExpressionItem GetExpressionItem(ExpressionInfo expInfo) { if (expInfo == null || expInfo.IsEmpty) return null; PropertyType pType = null; var pred = new Predicate { LeftOperand = expInfo.FieldName, LogicalOperator = LogicalOperator.None, //expInfo.LogicalOperator, Operator = expInfo.RelationalOperator, RightOperand = expInfo.Expression }; TransformReferenceToInt(pred); switch (pred.LeftOperand) { case "Id": case "ParentId": case "Index": case "IsDeleted": case "IsInherited": case "Locked": case "LockType": case "LockTimeout": case "CreatedById": case "ModifiedById": case "LockedById": pred.PredicateType = PredicateType.IntExpression; break; case "CreatedBy": case "ModifiedBy": pred.PredicateType = PredicateType.ReferenceExpression; break; case "Name": case "Path": case "LockToken": pred.PredicateType = PredicateType.StringExpression; break; case "CreationDate": case "ModificationDate": case "LockDate": case "LastLockUpdate": pred.PredicateType = PredicateType.DateTimeExpression; break; //case "NodeType": //case "ContentListId": //case "ContentListType": //case "Parent": //case "IsModified": //case "NodeCreationDate": //case "NodeCreatedBy": //case "Version": //case "VersionId": //case "Lock": //case "LockedBy": //case "ETag": //case "Security": default: //#Text1 -> #String_0 if (expInfo.FieldName.StartsWith("#")) { var cList = SystemContext as ContentList; pred.LeftOperand = cList.GetPropertySingleId(expInfo.FieldName); } pType = ActiveSchema.PropertyTypes[pred.LeftOperand]; break; } if (pType != null) { switch (pType.DataType) { case DataType.String: pred.PredicateType = PredicateType.StringExpression; break; case DataType.Reference: pred.PredicateType = PredicateType.ReferenceExpression; break; case DataType.Int: pred.PredicateType = PredicateType.IntExpression; break; case DataType.Text: pred.PredicateType = PredicateType.SearchExpression; break; case DataType.DateTime: pred.PredicateType = PredicateType.DateTimeExpression; break; default: return null; } } return pred; }
protected virtual bool ShouldWriteExpression(ExpressionInfo ei) { switch (EntityKindCache.GetEntityKind(ei.FromType)) { case EntityKind.Part: case EntityKind.String: case EntityKind.SystemString: return false; default: return true; } }
/// <summary> /// Analyses a custom function in for security issues, with the currenctly known taint for actual parameters. /// </summary> /// <returns>A TainSets for the custom function that is being analyzed</returns> /// <param name="customFunction">Custom function object to perform the analysis on</param> /// <param name="varStorage">The currently known variable storage (this is to included because of superglobals, globals etc.)</param> /// <param name="paramActualVals">Parameter actual values</param> /// <param name="resolver">File inclusion resolver</param> /// <param name="includeStack">Currently known includes</param> /// <param name="functionCalls">Currently known function calls</param> internal ExpressionInfo AnalyseCustomFunction(Function customFunction, ImmutableVariableStorage varStorage, IVulnerabilityStorage vulnerabilityStorage, IList<ExpressionInfo> paramActualVals, IIncludeResolver resolver, AnalysisStacks stacks) { var stmts = customFunction.AstNode.GetSubNode(AstConstants.Subnode + ":" + AstConstants.Subnodes.Stmts).FirstChild; var traverser = new XmlTraverser(); var cfgcreator = new CFGCreator(); traverser.AddVisitor(cfgcreator); traverser.Traverse(stmts); var cfgPruner = new CFGPruner(); cfgPruner.Prune(cfgcreator.Graph); var initialTaint = varStorage.ToMutable(); initialTaint.SuperGlobals.Clear(); initialTaint.SuperGlobals.AddRange(varStorage.SuperGlobals); initialTaint.LocalVariables.Clear(); initialTaint.LocalAccessibleGlobals.Clear(); for(int i = 1; i <= paramActualVals.Count; i++) { var paramFormal = customFunction.Parameters.FirstOrDefault(x => x.Key.Item1 == i); if (paramFormal.Value == null) { continue; } var @var = new Variable(paramFormal.Value.Name, VariableScope.Function) {Info = paramActualVals[i - 1].ValueInfo}; initialTaint.LocalVariables.Add(paramFormal.Value.Name, @var); } var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, resolver, AnalysisScope.Function, fileAnalyzer, stacks, subroutineAnalyzerFactory); blockAnalyzer.AnalysisExtensions.AddRange(AnalysisExtensions); var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.Function, resolver, stacks.IncludeStack); var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, ImmutableVariableStorage.CreateFromMutable(initialTaint)); //var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist()); var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(cfgcreator.Graph)); taintAnalysis.Analyze(cfgcreator.Graph); var exprInfoAll = new ExpressionInfo(); foreach (ExpressionInfo exprInfo in blockAnalyzer.ReturnInfos) { exprInfoAll = exprInfoAll.Merge(exprInfo); } return exprInfoAll; }
public override TooltipItem GetTooltipItem(Vector2 pos) { Vector2 originalPos = pos; if (parserInterface.lastSourceFile == null) { Reparse(); } pos = editor.doc.GoToEndOfWord(pos,1); Vector2 endWordPos = editor.doc.IncrementPosition(pos,-1); pos = editor.doc.GoToEndOfWhitespace(pos,1); ExpressionInfo result = new ExpressionInfo(); result.startPosition = pos; result.endPosition = pos; result.initialized = true; char nextChar = editor.doc.GetCharAt(pos); bool isBeginGeneric = nextChar == '<'; if (useUnityscript) { Vector2 charAfterPos = editor.doc.GoToEndOfWhitespace(editor.doc.IncrementPosition(pos,1),1); char charAfter = editor.doc.GetCharAt(charAfterPos); if (nextChar == '.' && charAfter == '<') { pos = charAfterPos; nextChar = editor.doc.GetCharAt(pos); isBeginGeneric = true; } } //GameObject go; //go.GetComponent<Vector3>(); if (isBeginGeneric) { result.startPosition = pos; result.endPosition = pos; ExpressionResolver.editor = editor; result = ExpressionResolver.CountToExpressionEnd(result,1,ExpressionBracketType.Generic); pos = result.endPosition; pos = editor.doc.IncrementPosition(pos,1); pos = editor.doc.GoToEndOfWhitespace(pos,1); result.startPosition = pos; result.endPosition = pos; nextChar = editor.doc.GetCharAt(pos); } bool isFunction = false; if (nextChar == '(') { ExpressionResolver.editor = editor; result = ExpressionResolver.CountToExpressionEnd(result,1,ExpressionBracketType.Expression); pos = result.endPosition; nextChar = editor.doc.GetCharAt(pos); isFunction = true; } if (!isFunction) { pos = endWordPos; } //Debug.Log(nextChar+" "+editor.doc.GetCharAt(endWordPos)); string str = editor.syntaxRule.ResolveExpressionAt(pos,-1); if (useUnityscript) { str = str.Replace(".<","<"); } //Debug.Log(str); ChainResolver sigChainResolver = new ChainResolver(editor,originalPos); ChainItem item = null; item = sigChainResolver.ResolveChain(str,false); TooltipItem tooltipItem = null; if (item != null) { if (item.finalLinkType != null) { tooltipItem = new TooltipItem(item.finalLinkType.Name+" "+item.finalLink.name); tooltipItem.clrType = item.finalLinkType; } if (item.finalLink.completionItem != null) { tooltipItem = new TooltipItem(item.finalLink.completionItem); } } return tooltipItem; }
protected virtual string WriteExpressionMethod(ExpressionInfo info) { Type from = info.Property.PropertyType.CleanType(); string varFrom = GetVariableName(from); string varTo = GetVariableName(info.ToType); if (varTo == varFrom) varTo += "2"; string filter = info.Property.PropertyType.IsLite() ? "{t} => {t}.{prop}.RefersTo({f})" : "{t} => {t}.{prop} == {f}"; string str = info.IsUnique? @"static Expression<Func<{from}, {to}>> {MethodExpression} = {f} => Database.Query<{to}>().SingleOrDefaultEx({filter}); [ExpressionField] public static {to} {Method}(this {from} e) { return {MethodExpression}.Evaluate(e); } " : @"static Expression<Func<{from}, IQueryable<{to}>>> {MethodExpression} = {f} => Database.Query<{to}>().Where({filter}); [ExpressionField] public static IQueryable<{to}> {Method}(this {from} e) { return {MethodExpression}.Evaluate(e); } "; return str.Replace("{filter}", filter) .Replace("{from}", from.Name) .Replace("{to}", info.ToType.Name) .Replace("{t}", varTo) .Replace("{f}", varFrom) .Replace("{prop}", info.Property.Name) .Replace("{Method}", info.Name) .Replace("{MethodExpression}", info.ExpressionName); }