Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Taint objects #94

Merged
merged 6 commits into from
Jan 18, 2024
Merged

Taint objects #94

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
721dd0b
Initial NewTaintedObject
iunanua Jan 12, 2024
ce2eb99
Return buffer length checking the object type
iunanua Jan 16, 2024
fd315f6
Refactor string_methods to taint_methods
iunanua Jan 16, 2024
1e7408b
linters
iunanua Jan 16, 2024
3abc6c9
linter again
iunanua Jan 17, 2024
68d85f2
Do not taint string with newTaintedObject method
iunanua Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion binding.gyp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
"./src/tainted/tainted_object.cc",
"./src/tainted/transaction.cc",
"./src/tainted/string_resource.cc",
"./src/api/string_methods.cc",
"./src/api/taint_methods.cc",
"./src/api/concat.cc",
"./src/api/trim.cc",
"./src/api/slice.cc",
Expand Down
4 changes: 4 additions & 0 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ try {
newTaintedString (transactionId, original) {
return original
},
newTaintedObject (transactionId, original) {
return original
},
addSecureMarksToTaintedString (transactionId, original) {
return original
},
Expand Down Expand Up @@ -58,6 +61,7 @@ try {

const iastNativeMethods = {
newTaintedString: addon.newTaintedString,
newTaintedObject: addon.newTaintedObject,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Type declaration for the new method in index.d.ts file is missing

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#95

addSecureMarksToTaintedString: addon.addSecureMarksToTaintedString,
isTainted: addon.isTainted,
getMetrics: addon.getMetrics,
Expand Down
8 changes: 4 additions & 4 deletions src/api/concat.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,23 +37,23 @@ void TaintConcatOperator(const FunctionCallbackInfo<Value>& args) {
return;
}

auto transaction = GetTransaction(utils::GetLocalStringPointer(args[0]));
auto transaction = GetTransaction(utils::GetLocalPointer(args[0]));
hoolioh marked this conversation as resolved.
Show resolved Hide resolved
if (transaction == nullptr) {
args.GetReturnValue().Set(args[1]);
return;
}

try {
auto argsSize = args.Length();
auto taintedObj = transaction->FindTaintedObject(utils::GetLocalStringPointer(args[2]));
auto taintedObj = transaction->FindTaintedObject(utils::GetLocalPointer(args[2]));
auto ranges = taintedObj ? taintedObj->getRanges() : nullptr;
bool usingFirstParamRanges = ranges != nullptr;

if (ranges == nullptr || ranges->Size() < Limits::MAX_RANGES) {
int offset = utils::GetCoercedLength(isolate, args[2]);
for (int i = 3; i < argsSize; i++) {
auto taintedObj = transaction->FindTaintedObject(
utils::GetLocalStringPointer(args[i]));
utils::GetLocalPointer(args[i]));
auto argRanges = taintedObj ? taintedObj->getRanges() : nullptr;
if (argRanges != nullptr) {
if (ranges == nullptr) {
Expand Down Expand Up @@ -85,7 +85,7 @@ void TaintConcatOperator(const FunctionCallbackInfo<Value>& args) {
}

if (ranges != nullptr) {
auto key = utils::GetLocalStringPointer(args[1]);
auto key = utils::GetLocalPointer(args[1]);
transaction->AddTainted(key, ranges, args[1]);
args.GetReturnValue().Set(args[1]);
return;
Expand Down
2 changes: 1 addition & 1 deletion src/api/metrics.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ void GetMetrics(const FunctionCallbackInfo<Value>& args) {
return;
}

uintptr_t transactionId = utils::GetLocalStringPointer(args[0]);
uintptr_t transactionId = utils::GetLocalPointer(args[0]);
auto transaction = GetTransaction(transactionId);
if (!transaction) {
args.GetReturnValue().SetNull();
Expand Down
18 changes: 9 additions & 9 deletions src/api/replace.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ using v8::Integer;
using v8::Int32;

using iast::tainted::Range;
using iast::utils::GetLocalStringPointer;
using iast::utils::GetLocalPointer;

namespace iast {
namespace api {
Expand Down Expand Up @@ -209,7 +209,7 @@ void TaintReplaceStringByStringMethod(const FunctionCallbackInfo<Value>& args) {
return;
}

auto transaction = GetTransaction(GetLocalStringPointer(args[0]));
auto transaction = GetTransaction(GetLocalPointer(args[0]));
if (!transaction) {
args.GetReturnValue().Set(replaceResult);
return;
Expand All @@ -218,8 +218,8 @@ void TaintReplaceStringByStringMethod(const FunctionCallbackInfo<Value>& args) {
try {
MatcherArguments methodArguments = {args[1], args[2], args[3], args[4], args[5]};

auto taintedSubject = transaction->FindTaintedObject(GetLocalStringPointer(methodArguments.self));
auto taintedReplacer = transaction->FindTaintedObject(GetLocalStringPointer(methodArguments.replacer));
auto taintedSubject = transaction->FindTaintedObject(GetLocalPointer(methodArguments.self));
auto taintedReplacer = transaction->FindTaintedObject(GetLocalPointer(methodArguments.replacer));
auto subjectRanges = (taintedSubject) ? taintedSubject->getRanges() : nullptr;
auto replacerRanges = (taintedReplacer) ? taintedReplacer->getRanges() : nullptr;

Expand All @@ -236,7 +236,7 @@ void TaintReplaceStringByStringMethod(const FunctionCallbackInfo<Value>& args) {
if (resultLength == 1) {
replaceResult = tainted::NewExternalString(isolate, replaceResult);
}
auto key = GetLocalStringPointer(replaceResult);
auto key = GetLocalPointer(replaceResult);
transaction->AddTainted(key, newRanges, replaceResult);
}
} catch (const std::bad_alloc& err) {
Expand All @@ -257,7 +257,7 @@ void TaintReplaceStringByStringUsingRegexMethod(const FunctionCallbackInfo<Value
return;
}

auto transaction = GetTransaction(GetLocalStringPointer(args[0]));
auto transaction = GetTransaction(GetLocalPointer(args[0]));
if (!transaction) {
args.GetReturnValue().Set(replaceResult);
return;
Expand All @@ -266,8 +266,8 @@ void TaintReplaceStringByStringUsingRegexMethod(const FunctionCallbackInfo<Value
try {
MatcherArguments methodArguments = {args[1], args[2], args[3], args[4], args[5]};

auto taintedSubject = transaction->FindTaintedObject(GetLocalStringPointer(methodArguments.self));
auto taintedReplacer = transaction->FindTaintedObject(GetLocalStringPointer(methodArguments.replacer));
auto taintedSubject = transaction->FindTaintedObject(GetLocalPointer(methodArguments.self));
auto taintedReplacer = transaction->FindTaintedObject(GetLocalPointer(methodArguments.replacer));
auto subjectRanges = (taintedSubject) ? taintedSubject->getRanges() : nullptr;
auto replacerRanges = (taintedReplacer) ? taintedReplacer->getRanges() : nullptr;

Expand All @@ -288,7 +288,7 @@ void TaintReplaceStringByStringUsingRegexMethod(const FunctionCallbackInfo<Value
if (resultLength == 1) {
replaceResult = tainted::NewExternalString(args.GetIsolate(), replaceResult);
}
auto key = utils::GetLocalStringPointer(replaceResult);
auto key = utils::GetLocalPointer(replaceResult);
transaction->AddTainted(key, newRanges, replaceResult);
}
} catch (const std::bad_alloc& err) {
Expand Down
8 changes: 4 additions & 4 deletions src/api/slice.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ using v8::Isolate;
using v8::String;
using v8::NewStringType;
using v8::Exception;
using utils::GetLocalStringPointer;
using utils::GetLocalPointer;
using utils::getRangesInSlice;

void slice(const FunctionCallbackInfo<Value>& args) {
Expand All @@ -47,13 +47,13 @@ void slice(const FunctionCallbackInfo<Value>& args) {

int sliceStart = args[3]->IntegerValue(context).FromJust();

Transaction* transaction = GetTransaction(GetLocalStringPointer(args[0]));
Transaction* transaction = GetTransaction(GetLocalPointer(args[0]));
if (transaction == nullptr) {
args.GetReturnValue().Set(vResult);
return;
}

auto taintedObj = transaction->FindTaintedObject(GetLocalStringPointer(vSubject));
auto taintedObj = transaction->FindTaintedObject(GetLocalPointer(vSubject));

if (!taintedObj) {
args.GetReturnValue().Set(vResult);
Expand All @@ -71,7 +71,7 @@ void slice(const FunctionCallbackInfo<Value>& args) {
if (resultLength == 1) {
vResult = tainted::NewExternalString(isolate, args[1]);
}
transaction->AddTainted(GetLocalStringPointer(vResult), newRanges, vResult);
transaction->AddTainted(GetLocalPointer(vResult), newRanges, vResult);
}
} catch (const std::bad_alloc& err) {
} catch (const container::QueuedPoolBadAlloc& err) {
Expand Down
14 changes: 7 additions & 7 deletions src/api/substring.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ using v8::Object;
using v8::String;
using v8::Value;

using iast::utils::GetLocalStringPointer;
using iast::utils::GetLocalPointer;
using iast::utils::getRangesInSlice;

namespace iast {
Expand Down Expand Up @@ -68,7 +68,7 @@ void substring(const FunctionCallbackInfo<Value>& args) {
args.GetReturnValue().Set(result);
return;
}
auto transaction = GetTransaction(GetLocalStringPointer(args[0]));
auto transaction = GetTransaction(GetLocalPointer(args[0]));
if (transaction == nullptr) {
args.GetReturnValue().Set(result);
return;
Expand All @@ -79,7 +79,7 @@ void substring(const FunctionCallbackInfo<Value>& args) {
return;
}

auto taintedObj = transaction->FindTaintedObject(GetLocalStringPointer(subject));
auto taintedObj = transaction->FindTaintedObject(GetLocalPointer(subject));
if (!taintedObj) {
args.GetReturnValue().Set(result);
return;
Expand All @@ -92,7 +92,7 @@ void substring(const FunctionCallbackInfo<Value>& args) {
if (resultLen == 1) {
result = tainted::NewExternalString(isolate, args[1]);
}
transaction->AddTainted(GetLocalStringPointer(result), newRanges, result);
transaction->AddTainted(GetLocalPointer(result), newRanges, result);
}
} catch (const std::bad_alloc& err) {
} catch (const container::QueuedPoolBadAlloc& err) {
Expand Down Expand Up @@ -135,7 +135,7 @@ void substr(const FunctionCallbackInfo<Value>& args) {
length = TO_INTEGER_VALUE(args[4], context);
}

auto transaction = GetTransaction(GetLocalStringPointer(args[0]));
auto transaction = GetTransaction(GetLocalPointer(args[0]));
if (transaction == nullptr) {
args.GetReturnValue().Set(result);
return;
Expand All @@ -146,7 +146,7 @@ void substr(const FunctionCallbackInfo<Value>& args) {
return;
}

auto taintedObj = transaction->FindTaintedObject(GetLocalStringPointer(subject));
auto taintedObj = transaction->FindTaintedObject(GetLocalPointer(subject));
if (!taintedObj) {
args.GetReturnValue().Set(result);
return;
Expand All @@ -161,7 +161,7 @@ void substr(const FunctionCallbackInfo<Value>& args) {
if (resultLen == 1) {
result = tainted::NewExternalString(isolate, args[1]);
}
transaction->AddTainted(GetLocalStringPointer(result), newRanges, result);
transaction->AddTainted(GetLocalPointer(result), newRanges, result);
}
} catch (const std::bad_alloc& err) {
} catch (const container::QueuedPoolBadAlloc& err) {
Expand Down
Loading
Loading