-
Notifications
You must be signed in to change notification settings - Fork 0
/
TaintedObjectData.js
96 lines (82 loc) · 3.1 KB
/
TaintedObjectData.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
//IASTIGNORE
/*
* ****************************************************
* Licensed Materials - Property of HCL.
* (c) Copyright HCL Technologies Ltd. 2017, 2024.
* Note to U.S. Government Users *Restricted Rights.
* ****************************************************
*/
'use strict'
const taintedObjectDataFlow = require('./TaintedObjectDataFlow')
const StackInfo = require('./StackInfo')
const TaintTracker = require('./TaintTracker')
function TaintedObjectData () {
this.flows = []
this.addToStackList = function (stackInfo) {
for (const flow of this.flows) {
flow.addToStackInfoList(stackInfo)
}
}
this.updateSourceStackInfo = function (stackInfo) {
for (const flow of this.flows) {
flow.stackInfoList[0] = stackInfo
}
}
// this version for opsModPlus
this.addDataToStackList = function (type, object, signature, args, returnValue) {
const stackInfo = new StackInfo(type, StackInfo.getParamsStringArrayPostHook(object, signature, args, returnValue), null, new global.origError())
this.addToStackList(stackInfo)
}
this.sinkTrigger = function (vulnerability) {
for (const flow of this.flows) { flow.sinkTrigger(vulnerability) }
}
this.merge = function (otherTaintedObjectData, parameters) {
if (otherTaintedObjectData !== undefined) {
const mergeWithSelf = otherTaintedObjectData === this
for (const flow of otherTaintedObjectData.flows) {
const targetFlow = mergeWithSelf ? flow : flow.getCopy()
if (!mergeWithSelf){
this.flows.push(targetFlow) // TODO: merge based on hash
}
if (parameters != null){
targetFlow.addToStackInfoList(new StackInfo(TaintTracker.HookRuleType.PROPAGATOR, parameters, null, new global.origError()))
}
}
}
}
// needed for opsModPlus to avoid the need to include more files
this.getCopy = function () {
const taintedData = new TaintedObjectData()
taintedData.merge(this, null)
return taintedData
}
this.addToTaskList = function (task) {
for (const flow of this.flows) {
flow.addToTaskList(task)
}
}
this.isTaintedForVulnerability = (vulnerability) => {
for (const flow of this.flows) {
if (flow.isTaintedForVulnerability(vulnerability)) {
return true
}
}
return false
}
}
module.exports.taintedObjectDataWithFlow = (requestInfo, entityName, entityValue, entityType) => {
const taintedData = new TaintedObjectData()
const flow = new taintedObjectDataFlow(requestInfo, entityName, entityValue, entityType)
taintedData.flows.push(flow)
return taintedData
}
// module.exports.copyTaintedObjectData = (otherTaintedObjectData) => {
// let taintedData = new TaintedObjectData()
// if (otherTaintedObjectData !== undefined) {
// for (let flow of otherTaintedObjectData.flows) {
// taintedData.flows.push(JSON.parse(JSON.origStringify(flow))) // TODO: merge based on hash
// }
// }
// return taintedData
// }
module.exports.TaintedObjectData = TaintedObjectData