TaintResult IsMethodArgumentsMatch(List <JintItem> ItemArguments, List <JintItem> TemplateArguments)
{
TaintResult Result = new TaintResult();
if (IJ.IsTimedOut())
{
return(Result);
}
if (ItemArguments.Count != TemplateArguments.Count)
{
return(Result);
}
for (int i = 0; i < ItemArguments.Count; i++)
{
if ((ItemArguments[i].SubItems.Count > 0) && (TemplateArguments[i].SubItems.Count > 0))
{
if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
{
Result.Add(Check(ItemArguments[i].SubItems));
}
}
}
return(Result);
}
internal TaintResult Check(List <JintItem> Item)
{
TaintResult Result = new TaintResult();
if (IJ.IsTimedOut())
{
return(Result);
}
List <List <JintItem> > ItemParts = GetItemParts(Item);
foreach (List <JintItem> Part in ItemParts)
{
Result.Add(IsTainted(Part));
//When tracing keyword if keyword is inside string value even then it should be treated as a source
if (IJ.TraceKeyword)
{
foreach (JintItem PartItem in Part)
{
if ((PartItem.State == JintState.StringValue || PartItem.State == JintState.IntValue) && PartItem.Value.IndexOf(IJ.KeywordToTrace, StringComparison.OrdinalIgnoreCase) > -1)
{
Result.SourceReasons.Add("Matches with Keyword being traced");
}
}
}
}
return(Result);
}
internal TaintResult IsMatch(List <JintItem> Item, List <JintItem> Template)
{
TaintResult Result = new TaintResult();
if (Item.Count == 0)
{
return(Result);
}
if (Template.Count == 0)
{
return(Result);
}
if ((Item[0].State != JintState.Identifier) && (Item[0].State != JintState.MethodCallName))
{
//MessageBox.Show("Item starts with - " + Item[0].State.ToString());
return(Result);
}
if ((Template[0].State != JintState.Identifier) && (Template[0].State != JintState.MethodCallName))
{
//MessageBox.Show("Template starts with - " + Template[0].State.ToString());
return(Result);
}
int ItemMatchIndex = 0;
while (ItemMatchIndex < Item.Count)
{
switch (Template[0].State)
{
case (JintState.Identifier):
switch (Item[ItemMatchIndex].State)
{
case (JintState.Identifier):
case (JintState.Property):
case (JintState.StringIndex):
if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
{
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
}
break;
case (JintState.IdentifierIndex):
case (JintState.Indexer):
string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
{
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
}
break;
}
break;
case (JintState.MethodCallName):
switch (Item[ItemMatchIndex].State)
{
case (JintState.MethodCallName):
case (JintState.StringIndex):
if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
{
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
}
break;
case (JintState.IdentifierIndex):
case (JintState.Indexer):
string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
{
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
}
break;
}
break;
}
ItemMatchIndex++;
}
return(Result);
}
TaintResult IsMethodArgumentsMatch(List<JintItem> ItemArguments, List<JintItem> TemplateArguments)
{
TaintResult Result = new TaintResult();
if (ItemArguments.Count != TemplateArguments.Count) return Result;
for (int i = 0; i < ItemArguments.Count; i++)
{
if((ItemArguments[i].SubItems.Count > 0) && (TemplateArguments[i].SubItems.Count > 0))
{
if (TemplateArguments[i].SubItems[0].State == JintState.MethodCallArgumentTaintPointer)
{
Result.Add(Check(ItemArguments[i].SubItems));
}
}
}
return Result;
}
internal TaintResult IsMatch(List<JintItem> Item, List<JintItem> Template)
{
TaintResult Result = new TaintResult();
if (Item.Count == 0) return Result;
if (Template.Count == 0) return Result;
if ((Item[0].State != JintState.Identifier) && (Item[0].State != JintState.MethodCallName))
{
//MessageBox.Show("Item starts with - " + Item[0].State.ToString());
return Result;
}
if ((Template[0].State != JintState.Identifier) && (Template[0].State != JintState.MethodCallName))
{
//MessageBox.Show("Template starts with - " + Template[0].State.ToString());
return Result;
}
int ItemMatchIndex = 0;
while (ItemMatchIndex < Item.Count)
{
switch (Template[0].State)
{
case (JintState.Identifier):
switch (Item[ItemMatchIndex].State)
{
case (JintState.Identifier):
case (JintState.Property):
case (JintState.StringIndex):
if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
break;
case (JintState.IdentifierIndex):
case (JintState.Indexer):
string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
break;
}
break;
case (JintState.MethodCallName):
switch (Item[ItemMatchIndex].State)
{
case (JintState.MethodCallName):
case (JintState.StringIndex):
if (Item[ItemMatchIndex].Value.Equals(Template[0].Value))
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
break;
case (JintState.IdentifierIndex):
case (JintState.Indexer):
string IndexValue = GetIndexStringValue(Item[ItemMatchIndex]);
if (IndexValue.Length > 0 && IndexValue.Equals(Template[0].Value))
Result.Add(DoItemsMatch(Item.GetRange(ItemMatchIndex, Item.Count - ItemMatchIndex), Template));
break;
}
break;
}
ItemMatchIndex++;
}
return Result;
}
internal TaintResult Check(List<JintItem> Item)
{
TaintResult Result = new TaintResult();
List<List<JintItem>> ItemParts = GetItemParts(Item);
foreach (List<JintItem> Part in ItemParts)
{
Result.Add(IsTainted(Part));
//When tracing keyword if keyword is inside string value even then it should be treated as a source
if (IJ.TraceKeyword)
{
foreach (JintItem PartItem in Part)
{
if ((PartItem.State == JintState.StringValue || PartItem.State == JintState.IntValue) && PartItem.Value.IndexOf(IJ.KeywordToTrace, StringComparison.OrdinalIgnoreCase) > -1)
Result.SourceReasons.Add("Matches with Keyword being traced");
}
}
}
return Result;
}
