def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
self.knowledge = self.expr.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
knowledge.kinds[self.kind].nodes[self.id] = []
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# We have the function definition
if self.name in self.knowledge.function_def_nodes:
# TODO Function definition taint analysis is not fully complete
func_def_node = self.knowledge.function_def_nodes[self.name]
knowledge_for_func_call = self.knowledge
# Match the arguments from this func call to the func def
for arg_index in range(len(func_def_node.arguments)):
func_def_node.arguments[arg_index].name = self.arguments[
arg_index]
func_def_node.is_tainted()
# The function isn't defined here
else:
# Evaluate the current arguments as they are expressions
for argument in self.arguments:
self.knowledge = argument.is_tainted(self.knowledge)
return self.knowledge
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
self.knowledge.kinds[self.kind].nodes[self.id] = self.patterns
self.knowledge.kinds[self.kind].nodes[self.name].append(
[pat for pat in self.patterns])
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
self.knowledge = self.test.is_tainted(self.knowledge)
self.knowledge = self.true_expr.is_tainted(self.knowledge)
self.knowledge = self.false_expr.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# The children are handled by the ChildfulNode
self.knowledge = ChildfulNode.is_tainted(self, self.knowledge)
# The test must be handled last
self.knowledge = self.test.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Handle the body instructions (like a ChildfulNode)
return_knowledge = ChildfulNode.is_tainted(self, self.knowledge)
self.knowledge = KindKnowledge(
) # Empty its knowledge so that the next call doesn't have values (yet)
return return_knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# For this node all we need to do is update our knowledge
# with the knowledge from all our children
for child in self.children:
# we're doing the check like this to a void cyclic dependencies
if child.kind == 'function':
# Store it and don't analyse it yet
self.knowledge.function_def_nodes[child.name] = child
else:
self.knowledge = child.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Evaluate the right expression
self.knowledge = self.right_expr.is_tainted(self.knowledge)
# Evaluate the left expression
self.knowledge = self.left_expr.is_tainted(self.knowledge)
# Give the right expression's patterns to the left one
self.knowledge.kinds[self.left_expr.kind].nodes[self.left_expr.name] = \
self.knowledge.kinds[self.right_expr.kind].nodes[self.right_expr.id]
# Record that we learned this (un)taintness and return it out
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
for arg in self.arguments:
indexation_name_or_id = ""
if hasattr(arg, 'name'):
indexation_name_or_id = arg.name
else:
indexation_name_or_id = arg.id
self.knowledge = arg.is_tainted(self.knowledge)
self.knowledge.kinds[self.kind].nodes[self.name]\
.append(self.knowledge.kinds[arg.kind].nodes[arg.name])
patterns_list = self.knowledge.kinds[self.kind].nodes[self.name]
for pattern in flatten(patterns_list):
sinks_list = pattern.get_sinks()
if self.name in sinks_list:
print(
"===================================================================="
)
print(
" VULNERABILITY "
)
print(
" FOUND "
)
print(
" "
)
print("Vulnerability Name: " +
pattern.get_vulnerability_name().__repr__())
print("Possible sanitizations: " +
pattern.get_sanitization_functions().__repr__())
print(
"===================================================================="
)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Handle the init block (its a list)
for init_instruction in self.init:
self.knowledge = init_instruction.is_tainted(self.knowledge)
# Handle the test instructions (check assumptions, its a list)
for test_instruction in self.test:
self.knowledge = test_instruction.is_tainted(self.knowledge)
# Handle the body instructions (like a ChildfulNode)
self.knowledge = ChildfulNode.is_tainted(self, self.knowledge)
# Handle the increment instructions (check assumptions, its a list)
for increment_instructions in self.increment:
self.knowledge = increment_instructions.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Evaluate all the expressions
for exp in self.value:
indexation_name_or_id = ""
if hasattr(exp, 'name'):
indexation_name_or_id = exp.name
else:
indexation_name_or_id = exp.id
self.knowledge = exp.is_tainted(self.knowledge)
# Give each expr's patterns to the encapsed one
self.knowledge.kinds[self.kind].nodes[self.id]\
.append(self.knowledge.kinds[exp.kind].nodes[indexation_name_or_id])
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
sanitized_something = False
for arg in self.arguments:
indexation_name_or_id = ""
if hasattr(arg, 'name'):
indexation_name_or_id = arg.name
else:
indexation_name_or_id = arg.id
new_patterns_lists = []
patterns_lists = self.knowledge.kinds[
arg.kind].nodes[indexation_name_or_id]
for patterns_list in patterns_lists:
new_patterns_list = []
for pattern in patterns_list:
sanits_list = pattern.get_sanitization_functions()
if self.name not in sanits_list:
new_patterns_list.append(pattern)
else:
sanitized_something = True
new_patterns_lists.append(new_patterns_list)
self.knowledge.kinds[
arg.kind].nodes[indexation_name_or_id] = new_patterns_lists
if sanitized_something:
print("The function " + self.name + " sanitized the input.")
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
self.knowledge = CycleNode.is_tainted(self, self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
# check if all we need to do is update with the previous knowledge
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
return self.knowledge