def test_is_sanitised_true(self):
cfg_node_1 = Node('Awesome sanitiser',
None,
line_number=None,
path=None)
cfg_node_2 = Node('something.replace("this", "with this")',
None,
line_number=None,
path=None)
sinks_in_file = [
vulnerabilities.TriggerNode('replace', ['escape'], cfg_node_2)
]
sanitiser_dict = {'escape': [cfg_node_1]}
# We should use mock instead
orginal_get_lattice_elements = ReachingDefinitionsTaintAnalysis.get_lattice_elements
ReachingDefinitionsTaintAnalysis.get_lattice_elements = self.get_lattice_elements
lattice = Lattice([cfg_node_1, cfg_node_2],
analysis_type=ReachingDefinitionsTaintAnalysis)
constraint_table[cfg_node_2] = 0b1
result = vulnerabilities.is_sanitised(sinks_in_file[0], sanitiser_dict,
lattice)
self.assertEqual(result, True)
# Clean up
ReachingDefinitionsTaintAnalysis.get_lattice_elements = orginal_get_lattice_elements
def test_get_elements(self):
a = self.Node('x = 1', True)
b = self.Node('print(x)', False)
c = self.Node('x = 3', True)
d = self.Node('y = x', True)
lattice = Lattice([a, c, d], self.AnalysisType)
self.assertEqual(set(lattice.get_elements(0b111)), {a, c, d})
self.assertEqual(set(lattice.get_elements(0b0)), set())
self.assertEqual(set(lattice.get_elements(0b1)), {a})
self.assertEqual(set(lattice.get_elements(0b10)), {c})
self.assertEqual(set(lattice.get_elements(0b100)), {d})
self.assertEqual(set(lattice.get_elements(0b11)), {a, c})
self.assertEqual(set(lattice.get_elements(0b101)), {a, d})
self.assertEqual(set(lattice.get_elements(0b110)), {c, d})
def test_generate_integer_elements(self):
one = self.Node(1, True)
two = self.Node(2, True)
three = self.Node(3, True)
a = self.Node('a', False)
b = self.Node('b', False)
c = self.Node('c', False)
cfg_nodes = [one, two, three, a, b, c]
lattice = Lattice(cfg_nodes, self.AnalysisType)
self.assertEqual(lattice.el2bv[one], 0b1)
self.assertEqual(lattice.el2bv[two], 0b10)
self.assertEqual(lattice.el2bv[three], 0b100)
self.assertEqual(lattice.bv2el[0], three)
self.assertEqual(lattice.bv2el[1], two)
self.assertEqual(lattice.bv2el[2], one)
def test_is_sanitized_false(self):
cfg_node_1 = Node('Not sanitising at all',
None,
line_number=None,
path=None)
cfg_node_2 = Node('something.replace("this", "with this")',
None,
line_number=None,
path=None)
sinks_in_file = [
vulnerabilities.TriggerNode('replace', ['escape'], cfg_node_2)
]
sanitiser_dict = {'escape': [cfg_node_1]}
ReachingDefinitionsTaintAnalysis.get_lattice_elements = self.get_lattice_elements
lattice = Lattice([cfg_node_1, cfg_node_2],
analysis_type=ReachingDefinitionsTaintAnalysis)
constraint_table[cfg_node_1] = 0
constraint_table[cfg_node_2] = 0
result = vulnerabilities.is_sanitized(sinks_in_file[0], sanitiser_dict,
lattice)
self.assertEqual(result, False)
def test_in_constraint(self):
a = self.Node('x = 1', True)
b = self.Node('print(x)', False)
c = self.Node('x = 3', True)
d = self.Node('y = x', True)
lattice = Lattice([a, c, d], self.AnalysisType)
constraint_table[a] = 0b001
constraint_table[b] = 0b001
constraint_table[c] = 0b010
constraint_table[d] = 0b110
self.assertEqual(lattice.in_constraint(a, b), True)
self.assertEqual(lattice.in_constraint(a, a), True)
self.assertEqual(lattice.in_constraint(a, d), False)
self.assertEqual(lattice.in_constraint(a, c), False)
self.assertEqual(lattice.in_constraint(c, d), True)
self.assertEqual(lattice.in_constraint(d, d), True)
self.assertEqual(lattice.in_constraint(c, c), True)
self.assertEqual(lattice.in_constraint(c, a), False)
self.assertEqual(lattice.in_constraint(c, b), False)
def run_analysis(self, path, analysis_type):
self.cfg_create_from_file(path)
initialize_constraint_table([self.cfg])
self.analysis = FixedPointAnalysis(self.cfg, analysis_type)
self.analysis.fixpoint_runner()
return Lattice(self.cfg.nodes, analysis_type)
def test_meet(self):
# meet not used on lattice atm
return
a = self.Node('x = 1', True)
b = self.Node('print(x)', False)
c = self.Node('x = 3', True)
d = self.Node('y = x', True)
lattice = Lattice([a, c, d], self.AnalysisType)
# Constraint results after fixpoint:
lattice.table[a] = 0b0001
lattice.table[b] = 0b0001
lattice.table[c] = 0b0010
lattice.table[d] = 0b1010
r = lattice.meet([a, c], [c, d])
self.assertEqual(r, 0b10)
r = lattice.meet([a], [d])
self.assertEqual(r, 0b0)
r = lattice.meet([a, c, d], [a, c])
self.assertEqual(r, 0b011)
r = lattice.meet([c, d], [a, d])
self.assertEqual(r, 0b1010)
r = lattice.meet([], [])
self.assertEqual(r, 0b0)
r = lattice.meet([a], [])
self.assertEqual(r, 0b0)