Class: Tainted::Static

Inherits:
SyntaxTree::Visitor
  • Object
show all
Defined in:
lib/tainted/static.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(sources, _sinks) ⇒ Static

Returns a new instance of Static.



7
8
9
10
11
12
 
# File 'lib/tainted/static.rb', line 7

def initialize(sources, _sinks)
  super()

  @sources = sources
  @result = []
end

Instance Attribute Details

#resultObject (readonly)

Returns the value of attribute result.



5
6
7
 
# File 'lib/tainted/static.rb', line 5

def result
  @result
end

Instance Method Details

#parse_assign(node) ⇒ Object 



30
31
32
33
34
35
36
37
38
39
 
# File 'lib/tainted/static.rb', line 30

def parse_assign(node)
  variable_name = node.target.value.value
  # pp node.value.class
  return unless node.value.is_a?(SyntaxTree::CallNode)

  method_name = node.value.message.value
  return unless @sources.include?(method_name&.to_sym)

  State.instance.var_dependencies[variable_name.to_sym][:tainted] = true
end

#parse_call(node) ⇒ Object 



41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/tainted/static.rb', line 41

def parse_call(node)
  arguments = node.arguments.arguments.parts

  taint_statuses =
    arguments.map { |arg| [arg, taint_status(arg.value.value.to_sym)] }

  method_name = node.message.value
  taint_statuses.each do |status|
    next unless status[1]

    @result << "Method `#{method_name}()` consuming tainted variable `#{status[0].value.value}`"
  end
end

#taint_status(var) ⇒ Object 



55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/tainted/static.rb', line 55

def taint_status(var)
  if State.instance.var_dependencies[var].key?(:tainted)
    return State.instance.var_dependencies[var][:tainted]
  end

  tainted = false
  unless State.instance.var_dependencies[var][:from].empty?
    State.instance.var_dependencies[var][:from].each do |from|
      tainted ||= taint_status(from)
    end
  end
  State.instance.var_dependencies[var][:tainted] = tainted
end

#visit(node) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/tainted/static.rb', line 14

def visit(node)
  nodes = node.child_nodes[0].child_nodes

  # First visit all assignments
  # mark tainted variables
  nodes
    .select { |child| child.is_a?(SyntaxTree::Assign) }
    .each { |child| parse_assign(child) }

  # Visit all call nodes
  # check if a tainted variable is passed to it
  nodes
    .select { |child| child.is_a?(SyntaxTree::CallNode) }
    .each { |child| parse_call(child) }
end