def analyse_assignment_expression(self, assignment_node):
'''
type: 'AssigmentExpression';
operator: '=' | '*=' | '**=' | '/=' | '%=' | '+=' | '-=' |'<<=' | '>>=' | '>>>=' | '&=' | '^=' | '|=';
left: Identifier;
right: Identifier;
'''
left = assignment_node['left']
right = assignment_node['right']
operator = assignment_node['operator']
self.dispatcher(left)
self.dispatcher(right)
# Assignment node gets flow from right
right_flow = right['flow']
left_flow = left['flow']
# we don't want to account for left sources: they will be overwritten
left_flow.remove_sources()
left_flow.remove_sanitizers()
right_flow.remove_sinks()
resulting_flow = Flow([right_flow, left_flow])
assignment_node['flow'] = Flow([right_flow])
# Variable from left gets flow from right
# NOTE: left node doesn't need to get the flow from right
# NOTE: we want to keep track of left sinks
self.variable_flows[left['full_name']] = Flow([resulting_flow])
# Check if left is sink
self.vulnerabilities += resulting_flow.check_vulns()
def analyse_call_expression(self, call_node):
'''
type: 'CallExpression';
callee: Expression | Import;
arguments: ArgumentListElement[];
'''
callee = call_node['callee']
arguments = call_node['arguments']
self.dispatcher(callee)
callee_flow = callee['flow']
argument_flows = []
for argument in arguments:
self.dispatcher(argument)
argument_flows.append(argument['flow'])
args_flow = Flow(argument_flows)
args_flow.remove_sinks()
call_flow = Flow([callee_flow, args_flow])
call_node['flow'] = call_flow
self.vulnerabilities += call_flow.check_vulns()