Created
June 20, 2019 10:55
-
-
Save markshannon/8dd0e358913c98c4c3eadbd21eb865c4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Extending taint-tracking to support tracking through iteration is a bit fiddly prior in 1.20 and earlier | |
| // We need to track both getting an item from the iterable *and* the assignment to the target variable. | |
| /* Track the implicit `next` operation */ | |
| class NextItemExtension extends DataFlow::Extension { | |
| ForNode for; | |
| NextItemExtension() { | |
| for.iterates(_, this) | |
| } | |
| override ControlFlowNode getASuccessorNode(TaintKind fromkind, TaintKind tokind) { | |
| for.iterates(result, this) and | |
| ( | |
| fromkind.(SequenceKind).getItem() = tokind | |
| // Insert any other kinds that you wish to support here. E.g. iterating over a file produces strings. | |
| ) | |
| } | |
| } | |
| /* Track the assignement to the iteration variable */ | |
| class IterAssignmentExtension extends DataFlow::Extension { | |
| IterationDefinition def; | |
| IterAssignmentExtension() { | |
| def.getDefiningNode() = this | |
| } | |
| override EssaVariable getASuccessorVariable() { | |
| result = def.getVariable() | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment