internal void StoreStringObject(List<JintItem> Object, string Value) { if (Value.Length == 0) return; string ExistingValue = GetStringObject(Object); if (ExistingValue.Equals(Value)) return; if (ExistingValue.Length > 0) { int RemovalIndex = -1; for (int i = 0; i < InterestingStringHolders[ExistingValue].Count; i++) { ItemChecker IC = new ItemChecker(this); if (IC.DoItemsMatch(InterestingStringHolders[ExistingValue][i], Object).NeutralReasons.Count > 0) RemovalIndex = i; } if (RemovalIndex >= 0) InterestingStringHolders[ExistingValue].RemoveAt(RemovalIndex); } if (InterestingStringHolders.ContainsKey(Value)) InterestingStringHolders[Value].Add(Object); else InterestingStringHolders.Add(Value, new List<List<JintItem>>() { Object }); }
internal string GetStringObject(List<JintItem> Object) { bool FirstCheck = true; ItemChecker IC = new ItemChecker(this); int AddedAt = 0; foreach (List<JintItem> StrItem in SentForStringConversion) { if (ItemChecker.IsSimilar(Object, StrItem)) { FirstCheck = false; break; } } if (FirstCheck) { SentForStringConversion.Add(Object); AddedAt = SentForStringConversion.Count - 1; } foreach (string Key in InterestingStringHolders.Keys) { foreach (List<JintItem> Item in InterestingStringHolders[Key]) { if (FirstCheck) { if (IC.DoItemsMatch(Item, Object).NeutralReasons.Count > 0) { SentForStringConversion.RemoveAt(AddedAt); return Key; } } else { if (ItemChecker.IsSimilar(Item, Object)) return Key; } } } if (FirstCheck) SentForStringConversion.RemoveAt(AddedAt); return ""; }
internal void RemoveStringObject(List<JintItem> Object) { foreach (string Key in InterestingStringHolders.Keys) { List<int> RemoveIndexes = new List<int>(); int Index = -1; foreach (List<JintItem> Item in InterestingStringHolders[Key]) { Index++; ItemChecker IC = new ItemChecker(this); if (IC.DoItemsMatch(Item, Object).NeutralReasons.Count > 0) RemoveIndexes.Add(Index); } for (int i = 0; i < RemoveIndexes.Count; i++ ) { InterestingStringHolders[Key].RemoveAt(RemoveIndexes[i] - i); } } }
List<JintItem> GetMappedItem(List<JintItem> LeftItem, List<JintItem> RightItem, List<JintItem> List) { List<JintItem> EmptyResult = new List<JintItem>(); if (RightItem.Count == 0 || LeftItem.Count == 0 || List.Count == 0) return EmptyResult; ItemChecker IC = new ItemChecker(this); if (IC.DoItemsMatch(List, RightItem, false).NeutralReasons.Count == 0) return EmptyResult; int RightMatchStopIndex = -1; if (RightItem[0].State == JintState.Identifier && LeftItem[0].State == JintState.Identifier && (List[0].State == JintState.Identifier || List[0].State == JintState.MethodCallName)) { if (RightItem[0].Value.Equals(List[0].Value)) RightMatchStopIndex++; else return EmptyResult; for (int i = 1; i < RightItem.Count; i++) { if ((RightItem[i].State == JintState.Property || RightItem[i].State == JintState.StringIndex) && (List.Count > i) && (List[i].State == JintState.Property || List[i].State == JintState.StringIndex || List[i].State == JintState.MethodCallName)) { if (RightItem[i].Value.Equals(List[i].Value)) RightMatchStopIndex++; else break; } else break; } } else { return EmptyResult; } if (RightMatchStopIndex < RightItem.Count -1) return EmptyResult; List<JintItem> ResultItem = new List<JintItem>(LeftItem); for (int i = RightMatchStopIndex + 1; i < List.Count; i++) { if (List[i].State == JintState.MethodCallArgument) { if (i > 0 && ResultItem.Count > 0) { if (ResultItem[ResultItem.Count - 1].State == JintState.Identifier || ResultItem[ResultItem.Count - 1].State == JintState.Property) ResultItem[ResultItem.Count - 1].State = JintState.MethodCallName; } } ResultItem.Add(List[i]); } return ResultItem; }
void Analyze(VariableDeclarationStatement Stmt) { SetCurrentLineAndCharNos(Stmt); ItemChecker TC = new ItemChecker(this); if (Stmt.Identifier != null) { List<JintItem> LeftItems = new List<JintItem>() { new JintItem(Stmt.Source, JintState.Identifier, Stmt.Identifier, this)}; int StatusIndex = AddToJintStack(Stmt.Source, JintState.Identifier, Stmt.Identifier); if (Stmt.Expression != null) { int RightExpIndex = AddToJintStack(Stmt.Source, JintState.AssignmentExpressionRight); Analyze(Stmt.Expression); List<JintItem> RightItems = RemoveJintStackFrom(RightExpIndex + 1); if (Stmt.Expression.GetType().Name.Equals("AssignmentExpression")) { Analyze(((AssignmentExpression)Stmt.Expression).Left); RightItems = RemoveJintStackFrom(RightExpIndex + 1); } List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems); UpdateMappings(LeftItems, RightItemParts); foreach (List<JintItem> RightItemPart in RightItemParts) { TaintResult RightResult = TC.Check(RightItemPart); if (RightResult.SourceTaint) { foreach (JintItem Item in LeftItems) { Item.SourceReasons.AddRange(RightResult.SourceReasons); } AddToSourceObjects(LeftItems); if (RightItems.Count > 0) AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons); else AddSourceLine(CurrentLineNo, RightResult.SourceReasons); } if (RightResult.SinkTaint) { foreach (JintItem Item in LeftItems) { Item.SinkReasons.AddRange(RightResult.SinkReasons); } AddToSinkObjects(LeftItems); if (RightItems.Count > 0) AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons); else AddSinkLine(CurrentLineNo, RightResult.SinkReasons); } } RemoveJintStackFrom(StatusIndex); } } }
void Analyze(ReturnStatement Stmt) { SetCurrentLineAndCharNos(Stmt); if (Stmt.Expression != null) { int StatusIndex = JintStack.Count; Analyze(Stmt.Expression); if (JintStack.Count > StatusIndex) { List<JintItem> ReturnItems = RemoveJintStackFrom(StatusIndex); if (ReturnItems.Count > 0) { ItemChecker IC = new ItemChecker(this); TaintResult ReturnResult = IC.Check(ReturnItems); if (ReturnResult.SourceTaint) AddSourceLine(ReturnItems[0].LineNo, ReturnResult.SourceReasons); if (ReturnResult.SinkTaint) AddSinkLine(ReturnItems[0].LineNo, ReturnResult.SinkReasons); } } } }
void Analyze(MethodCall Stmt) { SetCurrentLineAndCharNos(Stmt); int LineNo = CurrentLineNo; JintItem LastItem; if (JintStack.Count > 0) { LastItem = JintStack[JintStack.Count - 1]; if (LastItem.State == JintState.MethodCallArgument || LastItem.State == JintState.MethodName) { LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod); JintStack.Add(LastItem); } } else { LastItem = new JintItem(CurrentLineNo, 0, JintState.AnonymousMethod); JintStack.Add(LastItem); } int MethodCallIndex = 0; if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property || LastItem.State == JintState.Indexer || LastItem.State == JintState.StringIndex || LastItem.State == JintState.IdentifierIndex || LastItem.State == JintState.IntIndex || LastItem.State == JintState.AnonymousMethod || LastItem.LineNo != LineNo) { RemoveJintStackFrom(JintStack.Count - 1); if (LastItem.State == JintState.Identifier || LastItem.State == JintState.Property) JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, LastItem.Value)); else JintStack.Add(new JintItem(LastItem.LineNo, LastItem.CharNo, JintState.MethodCallName, "")); LineNo = LastItem.LineNo; MethodCallIndex = JintStack.Count - 1; if (Stmt.Arguments != null) { if (Stmt.Arguments.Count > 0) Analyze(Stmt.Arguments); else AddToJintStack(Stmt.Source, JintState.MethodCallArgument); } List<JintItem> MethodRelatedItems = GetMethodItems(MethodCallIndex); ItemChecker IC = new ItemChecker(this); List<JintItem> MethodArguments = IC.GetLastMethodArguments(MethodRelatedItems); List<int> SourcePositions = new List<int>(); List<int> SinkPositions = new List<int>(); for (int i = 0; i < MethodArguments.Count; i++) { TaintResult Result = IC.Check(MethodArguments[i].SubItems); if (Result.SourceTaint) { SourcePositions.Add(i); Result.SourceReasons.Add("Method Argument is a Source"); AddSourceLine(CurrentLineNo, Result.SourceReasons); } if (Result.SinkTaint) { SinkPositions.Add(i); Result.SinkReasons.Add("Method Argument is a Sink"); AddSinkLine(CurrentLineNo, Result.SinkReasons); } } foreach (List<JintItem> Template in ArgumentAssignedASourceMethods) { if(Template.Count == 0) continue; TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template); if (MethodResult.NeutralReasons.Count > 0) { List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template); if(TemplateArguments.Count == 0) continue; AddSourceLine(LineNo, Template[0].SourceReasons); if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SinkPositions.Count > 0) AddSourceToSinkLine(LineNo); else if (MethodArguments.Count == TemplateArguments.Count) { foreach (int i in SinkPositions) { if(TemplateArguments.Count > i) if(TemplateArguments[i].SubItems.Count > 0) if(TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer) AddSourceToSinkLine(LineNo); } } } } foreach (List<JintItem> Template in ArgumentAssignedToSinkMethods) { if (Template.Count == 0) continue; TaintResult MethodResult = IC.IsMatch(MethodRelatedItems, Template); if (MethodResult.NeutralReasons.Count > 0) { List<JintItem> TemplateArguments = IC.GetLastMethodArguments(Template); if (TemplateArguments.Count == 0) continue; AddSinkLine(LineNo, Template[0].SinkReasons); if (TemplateArguments.Count == 1 && TemplateArguments[0].SubItems.Count == 0 && SourcePositions.Count > 0) AddSourceToSinkLine(LineNo); else if (MethodArguments.Count == TemplateArguments.Count) { foreach (int i in SourcePositions) { if (TemplateArguments.Count > i) if (TemplateArguments[i].SubItems.Count > 0) if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer) AddSourceToSinkLine(LineNo); } } } } } else { IronException.Report("MethodName missing in IronJint", "LastItem State -" + LastItem.State.ToString()); } if (Stmt.Generics != null) Analyze(Stmt.Generics); }
void Analyze(AssignmentExpression Stmt) { SetCurrentLineAndCharNos(Stmt); List<JintItem> LeftItems = new List<JintItem>(); List<List<JintItem>> LeftItemParts = new List<List<JintItem>>(); List<List<JintItem>> SinkTaintedLeftItems = new List<List<JintItem>>(); ItemChecker TC = new ItemChecker(this); if (Stmt.Left != null) { int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionLeft); Analyze(Stmt.Left); LeftItems = RemoveJintStackFrom(StatusIndex + 1); LeftItemParts = ItemChecker.GetItemParts(LeftItems); foreach (List<JintItem> LeftItemPart in LeftItemParts) { TaintResult LeftResult = TC.Check(LeftItemPart); if (LeftResult.SinkTaint) { SinkTaintedLeftItems.Add(LeftItemPart); if (LeftItemPart.Count > 0) AddSinkLine(LeftItemPart[0].LineNo, LeftResult.SinkReasons); else AddSinkLine(CurrentLineNo, LeftResult.SinkReasons); } } RemoveJintStackFrom(StatusIndex); } List<JintItem> RightItems = new List<JintItem>(); if (Stmt.Right != null) { int StatusIndex = AddToJintStack(Stmt.Left.Source, JintState.AssignmentExpressionRight); Analyze(Stmt.Right); RightItems = RemoveJintStackFrom(StatusIndex + 1); if (Stmt.Right.GetType().Name.Equals("AssignmentExpression")) { Analyze(((AssignmentExpression)Stmt.Right).Left); RightItems = RemoveJintStackFrom(StatusIndex + 1); } List<List<JintItem>> RightItemParts = ItemChecker.GetItemParts(RightItems); UpdateMappings(LeftItems, RightItemParts); foreach (List<JintItem> RightItemPart in RightItemParts) { TaintResult RightResult = TC.Check(RightItemPart); if (RightResult.SourceTaint) { foreach (JintItem Item in LeftItems) { Item.SourceReasons.AddRange(RightResult.SourceReasons); } AddToSourceObjects(LeftItems); if (RightItems.Count > 0) AddSourceLine(RightItemPart[0].LineNo, RightResult.SourceReasons); else AddSourceLine(CurrentLineNo, RightResult.SourceReasons); if (SinkTaintedLeftItems.Count > 0) if (LeftItems.Count > 0) AddSourceToSinkLine(LeftItems[0].LineNo); else AddSourceToSinkLine(CurrentLineNo); } else { foreach (List<JintItem> LeftItemPart in LeftItemParts) { RemoveFromSourceTaintedItems(LeftItemPart); } } if (RightResult.SinkTaint) { foreach (JintItem Item in LeftItems) { Item.SinkReasons.AddRange(RightResult.SinkReasons); } foreach (List<JintItem> LeftItemPart in LeftItemParts) { AddToSinkObjects(LeftItemPart); } if (RightItems.Count > 0) AddSinkLine(RightItemPart[0].LineNo, RightResult.SinkReasons); else AddSinkLine(CurrentLineNo, RightResult.SinkReasons); } else { foreach (List<JintItem> LeftItemPart in LeftItemParts) { RemoveFromSinkTaintedItems(LeftItemPart); } } } RemoveJintStackFrom(StatusIndex); } }