def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
for arg in self.arguments:
indexation_name_or_id = ""
if hasattr(arg, 'name'):
indexation_name_or_id = arg.name
else:
indexation_name_or_id = arg.id
self.knowledge = arg.is_tainted(self.knowledge)
self.knowledge.kinds[self.kind].nodes[self.name]\
.append(self.knowledge.kinds[arg.kind].nodes[arg.name])
patterns_list = self.knowledge.kinds[self.kind].nodes[self.name]
for pattern in flatten(patterns_list):
sinks_list = pattern.get_sinks()
if self.name in sinks_list:
print(
"===================================================================="
)
print(
" VULNERABILITY "
)
print(
" FOUND "
)
print(
" "
)
print("Vulnerability Name: " +
pattern.get_vulnerability_name().__repr__())
print("Possible sanitizations: " +
pattern.get_sanitization_functions().__repr__())
print(
"===================================================================="
)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Handle the init block (its a list)
for init_instruction in self.init:
self.knowledge = init_instruction.is_tainted(self.knowledge)
# Handle the test instructions (check assumptions, its a list)
for test_instruction in self.test:
self.knowledge = test_instruction.is_tainted(self.knowledge)
# Handle the body instructions (like a ChildfulNode)
self.knowledge = ChildfulNode.is_tainted(self, self.knowledge)
# Handle the increment instructions (check assumptions, its a list)
for increment_instructions in self.increment:
self.knowledge = increment_instructions.is_tainted(self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
# Evaluate all the expressions
for exp in self.value:
indexation_name_or_id = ""
if hasattr(exp, 'name'):
indexation_name_or_id = exp.name
else:
indexation_name_or_id = exp.id
self.knowledge = exp.is_tainted(self.knowledge)
# Give each expr's patterns to the encapsed one
self.knowledge.kinds[self.kind].nodes[self.id]\
.append(self.knowledge.kinds[exp.kind].nodes[indexation_name_or_id])
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
sanitized_something = False
for arg in self.arguments:
indexation_name_or_id = ""
if hasattr(arg, 'name'):
indexation_name_or_id = arg.name
else:
indexation_name_or_id = arg.id
new_patterns_lists = []
patterns_lists = self.knowledge.kinds[
arg.kind].nodes[indexation_name_or_id]
for patterns_list in patterns_lists:
new_patterns_list = []
for pattern in patterns_list:
sanits_list = pattern.get_sanitization_functions()
if self.name not in sanits_list:
new_patterns_list.append(pattern)
else:
sanitized_something = True
new_patterns_lists.append(new_patterns_list)
self.knowledge.kinds[
arg.kind].nodes[indexation_name_or_id] = new_patterns_lists
if sanitized_something:
print("The function " + self.name + " sanitized the input.")
return self.knowledge
def is_tainted(self, knowledge):
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
self.knowledge = CycleNode.is_tainted(self, self.knowledge)
return self.knowledge
def is_tainted(self, knowledge):
# check if all we need to do is update with the previous knowledge
self.knowledge = KindKnowledge.union(self.knowledge, knowledge)
return self.knowledge