Class: SCNR::Introspector

Inherits:
Object
  • Object
show all
Includes:
Rack::Utils
Defined in:
lib/scnr/introspector.rb,
lib/scnr/introspector/error.rb,
lib/scnr/introspector/scope.rb,
lib/scnr/introspector/version.rb,
lib/scnr/introspector/coverage.rb,
lib/scnr/introspector/data_flow.rb,
lib/scnr/introspector/data_flow/sink.rb,
lib/scnr/introspector/execution_flow.rb,
lib/scnr/introspector/data_flow/scope.rb,
lib/scnr/introspector/coverage/resource.rb,
lib/scnr/introspector/execution_flow/point.rb,
lib/scnr/introspector/execution_flow/scope.rb,
lib/scnr/introspector/coverage/resource/line.rb

Defined Under Namespace

Modules: Overloads Classes: Coverage, DataFlow, Error, ExecutionFlow, Scope

Constant Summary collapse

OVERLOAD =

Coverage.enable

[
  [:erb, :Templates],
  [:test, [:SCNR, :Introspector, :Test]]
]
VERSION = 
IO.read( File.dirname( __FILE__ ) + '/version' ).strip

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, options = {}) ⇒ Introspector

Returns a new instance of Introspector.



152
153
154
155
156
157
158
159
 
# File 'lib/scnr/introspector.rb', line 152

def initialize( app, options = {} )
    @app     = app
    @options = options

    overload_application

    @mutex = Mutex.new
end

Class Method Details

.data_flowsObject 



77
78
79
 
# File 'lib/scnr/introspector.rb', line 77

def data_flows
    @data_flows ||= {}
end

.filter_caller(a) ⇒ Object 



91
92
93
94
95
96
 
# File 'lib/scnr/introspector.rb', line 91

def filter_caller( a )
    dir = File.dirname( __FILE__ )
    a.reject do |c|
        c.start_with?( dir ) || c.include?( 'trace_point' )
    end
end

.find_and_log_taint(object, method, args) ⇒ Object 



98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
# File 'lib/scnr/introspector.rb', line 98

def find_and_log_taint( object, method, args )
    taint = @taint
    return if !taint

    tainted = find_taint_in_arguments( taint, args )
    return if !tainted

    sink = DataFlow::Sink.new(
      object:       object.to_s,
      method_name:  method.to_s,
      arguments:    args,
      tainted_argument_index: tainted[0],
      tainted_value:          tainted[1].to_s,
      backtrace:    filter_caller( Kernel.caller )
    )
    log_sinks( taint, sink )
end

.find_taint_in_arguments(taint, args) ⇒ Object 



116
117
118
119
120
121
122
123
124
125
 
# File 'lib/scnr/introspector.rb', line 116

def find_taint_in_arguments( taint, args )
    args.each.with_index do |arg, i|
        value = find_taint_recursively( taint, arg, i )
        next if !value

        return [i, value]
    end

    nil
end

.find_taint_recursively(taint, object, depth) ⇒ Object 



127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
# File 'lib/scnr/introspector.rb', line 127

def find_taint_recursively( taint, object, depth )
    case object
    when Hash
        object.each do |k, v|
            t = find_taint_recursively( taint, v, depth )
            return t if t
        end

    when Array
        object.each do |v|
            t = find_taint_recursively( taint, v, depth )
            return t if t
        end

    when String
        return object if object.include? taint

    else
        nil
    end

    nil
end

.log_sinks(taint, sink) ⇒ Object 



85
86
87
88
89
 
# File 'lib/scnr/introspector.rb', line 85

def log_sinks( taint, sink )
    synchronize do
        (self.data_flows[taint] ||= DataFlow.new).sinks << sink
    end
end

.overload(object, m) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/scnr/introspector.rb', line 52

def overload( object, m )
    ov = <<EORUBY
module Overloads
module #{object.to_s.split( '::' ).join}Overload
    def #{m}( *args )
        SCNR::Introspector.find_and_log_taint( #{object}, :#{m}, args )   
        super *args
    end
end
end

#{object}.prepend Overloads::#{object.to_s.split( '::' ).join}Overload
EORUBY
    eval ov
    eval ov
end

.synchronize(&block) ⇒ Object 



81
82
83
 
# File 'lib/scnr/introspector.rb', line 81

def synchronize( &block )
    @mutex.synchronize( &block )
end

.taint_seedObject 



73
74
75
 
# File 'lib/scnr/introspector.rb', line 73

def taint_seed
    @taint
end

.taint_seed=(t) ⇒ Object 



69
70
71
 
# File 'lib/scnr/introspector.rb', line 69

def taint_seed=( t )
    @taint = t
end

Instance Method Details

#call(env) ⇒ Object 



172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
 
# File 'lib/scnr/introspector.rb', line 172

def call( env )
    info = Set.new
    info << :platforms

    if env.delete( 'HTTP_X_SCNR_INTROSPECTOR_TRACE' )
        info << :data_flow
        info << :execution_flow
    end

    inject( env, info )

rescue => e
    pp e
    pp e.backtrace
end

#dbObject 



265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
 
# File 'lib/scnr/introspector.rb', line 265

def db
    return if !rails?

    case ActiveRecord::Base.connection.adapter_name
    when 'PostgreSQL'
        :pgsql

    when 'MySQL'
        :mysql

    when 'SQLite3'
        :sqlite

    else
        nil

    end
end

#inject(env, info = []) ⇒ Object 



188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'lib/scnr/introspector.rb', line 188

def inject( env, info = [] )
    self.class.taint_seed = env.delete( 'HTTP_X_SCNR_INTROSPECTOR_TAINT' )
    seed                  = env.delete( 'HTTP_X_SCNR_ENGINE_SCAN_SEED' )

    data = {}

    response = nil
    if info.include? :execution_flow

        execution_flow = nil
        synchronize do
            execution_flow = ExecutionFlow.new @options do
                response = @app.call( env )
            end
        end

        data['execution_flow'] = execution_flow.to_rpc_data
    else
        response = @app.call( env )
    end

    if info.include? :platforms
        data['platforms'] = self.platforms
    end

    if info.include?( :coverage ) && Coverage.enabled?
        data['coverage'] = Coverage.new( @options ).retrieve_results
    end

    if info.include?( :data_flow ) && self.class.taint_seed
        data['data_flow'] = self.class.data_flows.delete( self.class.taint_seed )&.to_rpc_data
    end

    code    = response.shift
    headers = response.shift
    body    = response.shift

    body << "<!-- #{seed}\n#{JSON.dump( data )}\n#{seed} -->"
    headers['Content-Length'] = body.map(&:bytesize).inject(&:+)

    [code, headers, body ]
end

#osSymbol

Returns OS platform type to use for Options#platforms.

Returns:

  • (Symbol)

    OS platform type to use for Options#platforms.



242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
 
# File 'lib/scnr/introspector.rb', line 242

def os
    @os ||= (
        host_os = RbConfig::CONFIG['host_os']

        case host_os
            when /mswin|msys|mingw|cygwin|bccwin|wince|emc/
                :windows

            when /linux/
                :linux

            when /darwin|mac os|bsd/
                :bsd

            when /solaris/
                :solaris

            else
                nil
        end
    )
end

#overload_applicationObject 



161
162
163
164
165
166
 
# File 'lib/scnr/introspector.rb', line 161

def overload_application
    @app.methods.each do |m|
        next if @app.method( m ).parameters.empty?
        self.class.overload( @app.class, m )
    end
end

#platformsObject 



231
232
233
234
235
236
237
 
# File 'lib/scnr/introspector.rb', line 231

def platforms
    platforms = [:ruby, os, db]
    if rails?
        platforms << :rails
    end
    platforms.compact
end

#rails?Boolean

Returns:

  • (Boolean) 


284
285
286
287
288
 
# File 'lib/scnr/introspector.rb', line 284

def rails?
    if defined? Rails
        return @app.is_a? Rails::Application
    end
end

#synchronize(&block) ⇒ Object 



168
169
170
 
# File 'lib/scnr/introspector.rb', line 168

def synchronize( &block )
    @mutex.synchronize( &block )
end