-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Taint summary requires "source_lineno" and "sink_lineno" #3
Comments
Reopening as I think {
"vuln_type" : "code-injection",
"source" : "f1",
"sink" : "anon",
"tainted_params" : [ "a" ],
"params_types" : { "a" : "string" },
"return" : {
"vuln_type" : "code-injection", <- this
"source" : "",
"sink" : "eval",
"tainted_params" : [ "b" ],
"params_types" : { "b" : "number" }
} We can use this issue to determine the rest of json associations that can be optional:
Current summary type: type vuln_conf =
{ ty : vuln_type
; source : string
; source_lineno : int option (* optional *)
; sink : string
; sink_lineno : int option (* optional *)
; tainted_params : string list
; params : (string * param_type) list
; return : vuln_conf option (* optional *)
} |
I agree, I think all of those can be optional. In the nested |
Correct. However, we probably need another assoc type, perhaps named module.exports = function() {
function Obj(a) { this.a = a }
Obj.prototype.f = function(b) {
if (b > 0) {
eval(this.a);
}
}
return Obj;
} Where we want to call The summary would be: {
"vuln_type" : "code-injection",
"source" : "module.exports",
"tainted_params" : [ ],
"params_types" : { },
"return_obj" : {
"source" : "f",
...
} |
True. I haven't done those queries but I think I'll be able to do the summaries like that. |
I tried to remove the "source_lineno" and "sink_lineno" from the taint summaries but when trying to generate the symbolic tests, the following error appears:
Instrumentor2: internal error, uncaught exception: Yojson__Basic.Util.Type_error("Expected int, got null", 870828711)
.It's far from critical, I re-added the lines and it's working :)
The text was updated successfully, but these errors were encountered: