Пример #1
0
    def analyse_assignment_expression(self, assignment_node):
        '''
            type: 'AssigmentExpression';
            operator: '=' | '*=' | '**=' | '/=' | '%=' | '+=' | '-=' |'<<=' | '>>=' | '>>>=' | '&=' | '^=' | '|=';
            left: Identifier;
            right: Identifier;
        '''
        left = assignment_node['left']
        right = assignment_node['right']
        operator = assignment_node['operator']

        self.dispatcher(left)
        self.dispatcher(right)

        # Assignment node gets flow from right
        right_flow = right['flow']
        left_flow = left['flow']

        # we don't want to account for left sources: they will be overwritten
        left_flow.remove_sources()
        left_flow.remove_sanitizers()
        right_flow.remove_sinks()

        resulting_flow = Flow([right_flow, left_flow])
        assignment_node['flow'] = Flow([right_flow])

        # Variable from left gets flow from right
        # NOTE: left node doesn't need to get the flow from right
        # NOTE: we want to keep track of left sinks
        self.variable_flows[left['full_name']] = Flow([resulting_flow])

        # Check if left is sink
        self.vulnerabilities += resulting_flow.check_vulns()
Пример #2
0
    def analyse_call_expression(self, call_node):
        '''
            type: 'CallExpression';
            callee: Expression | Import;
            arguments: ArgumentListElement[];
        '''
        callee = call_node['callee']
        arguments = call_node['arguments']
        self.dispatcher(callee)
        callee_flow = callee['flow']

        argument_flows = []
        for argument in arguments:
            self.dispatcher(argument)
            argument_flows.append(argument['flow'])

        args_flow = Flow(argument_flows)
        args_flow.remove_sinks()

        call_flow = Flow([callee_flow, args_flow])
        call_node['flow'] = call_flow

        self.vulnerabilities += call_flow.check_vulns()