configuration file

formalsec · Jul 15, 2024 · 0938564 · 0938564
1 parent 079cc89
commit 0938564
Show file tree

Hide file tree

Showing 42 changed files with 852 additions and 179 deletions.
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,5 @@ setup.log
 
 # Local OPAM switch
 _opam/
+
+package-lock.json
diff --git a/README.md b/README.md
@@ -20,5 +20,6 @@ opam install . --deps-only --with-test
 
 ```shell-session
 dune build
-dune runtest
+dune test
+dune install
 ```
diff --git a/bin/dune b/bin/dune
@@ -1,4 +1,12 @@
 (executable
  (public_name ast_gen)
  (name main)
- (libraries auxiliary ast mdg cmdliner))
+ (libraries auxiliary ast mdg cmdliner)
+)
+
+(install
+ (section lib)
+ (files 
+  (../config.json as config.json)
+ )
+)
diff --git a/bin/main.ml b/bin/main.ml
@@ -1,24 +1,22 @@
 open Cmdliner
 
-let main (filename : string) (output_path : string) (verbose : bool) (generate_mdg : bool) : int =
+let rec main (filename : string) (output_path : string) (config_path : string) (_multifile : bool) (generate_mdg : bool) (verbose : bool) : int =
   let filename = Auxiliary.File_system.real_path filename in 
   (* STEP 0 : Generate AST using Flow library *)
   match Auxiliary.Js_parser.from_file filename with
   | Ok ast ->
       (* create output fs structure *)
-      let graph_dir = output_path ^ "/graph/" in 
-      let run_dir   = output_path ^ "/run/" in
-      Auxiliary.File_system.create_dir graph_dir;
-      Auxiliary.File_system.create_dir run_dir;
+      let code_dir, graph_dir, _ = setup_output output_path in 
 
       (* STEP 1 : Normalize AST *)
       let norm_program = Ast.Normalize.program ast filename in
       let js_program = Ast.Pp.Js.print norm_program in
-      Auxiliary.File_system.write_to_file (graph_dir ^ "normalized.js") js_program;
+      Auxiliary.File_system.write_to_file (code_dir ^ "normalized.js") js_program;
 
       (* STEP 2 : Generate MDG for the normalized code *)
       if generate_mdg then (
-        let graph = Mdg.Analyse.program verbose norm_program in
+        let config = Mdg.Config.read config_path in 
+        let graph = Mdg.Analyse.program verbose config norm_program in
         Mdg.Pp.Dot.output graph_dir graph;
         Mdg.Pp.CSV.output graph_dir graph
       );
@@ -28,29 +26,48 @@ let main (filename : string) (output_path : string) (verbose : bool) (generate_m
       Format.eprintf "%s@." msg;
       1
 
+and setup_output (output_path : string) : (string * string * string) = 
+  let code_dir = output_path  ^ "/code/" in 
+  let graph_dir = output_path ^ "/graph/" in 
+  let run_dir   = output_path ^ "/run/" in
+  Auxiliary.File_system.create_dir code_dir;
+  Auxiliary.File_system.create_dir graph_dir;
+  Auxiliary.File_system.create_dir run_dir;
+
+  code_dir, graph_dir, run_dir
+
 
 
 (* setup comand line interface using CMDLiner library*)
 let input_file : string Term.t =
-  let doc = "" in
+  let doc = "Path to JavaScript file (.js) or directory containing JavaScript files for analysis." in
   let docv = "FILE" in
   Arg.(required & pos 0 (some non_dir_file) None & info [] ~doc ~docv)
 
-let verbose : bool Term.t =
-  let doc = "Enable verbose mode" in
-  Arg.(value & flag & info ["v"; "verbose"] ~doc)
+let multifile : bool Term.t =
+  let doc = "Analysis of a file and its dependencies instead of a single file." in
+  Arg.(value & flag & info ["m"; "multifile"] ~doc)
 
 let mdg : bool Term.t =
-  let doc = "Generate mdg" in
+  let doc = "Generates Multiversion Dependency Graph." in
   Arg.(value & flag & info ["mdg"] ~doc)
 
 let output_path : string Term.t =
-  let doc = "Output folder path" in
+  let doc = "Path to store all output files." in
   let default_path = "graphjs-results" in 
-  Arg.(value & opt string default_path & info ["o"] ~doc)
+  Arg.(value & opt string default_path & info ["o"; "output"] ~doc)
+
+let config_path : string Term.t =
+  let doc = "Path to configuration file." in
+  let default_path = "config.json" in 
+  Arg.(value & opt non_dir_file default_path & info ["c"; "config"] ~doc)
+
+let verbose : bool Term.t =
+  let doc = "Verbose mode." in
+  Arg.(value & flag & info ["v"; "verbose"] ~doc)
 
 let cli =
-  let cmd = Term.(const main $ input_file $ output_path $ verbose $ mdg) in
+  let cmd = Term.(const main $ input_file $ output_path $ config_path $ multifile $ mdg $ verbose) in
   let info = Cmd.info "ast_gen" in
   Cmd.v info cmd
 

diff --git a/config.json b/config.json
@@ -0,0 +1,264 @@
+{
+    "sinks": {
+        "code-injection": [
+            {
+                "sink": "eval",
+                "type": "function",
+                "args": [ 1 ]
+            },
+            {
+                "sink": "Function",
+                "type": "function",
+                "args": [ 1, 2, 3, 4 ]
+            },
+            {
+                "sink": "require",
+                "type": "function",
+                "args": [ 1 ]
+            },
+            {
+                "sink": "Function",
+                "type": "new",
+                "args": [ 1, 2, 3, 4 ]
+            },
+            {
+                "sink": "runInContext",
+                "type": "package",
+                "packages": [
+                    {"package": "vm", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "runInNewContext",
+                "type": "package",
+                "packages": [
+                    {"package": "vm", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "default",
+                "type": "package",
+                "packages": [
+                    {"package": "gray-matter", "args": [ 1 ]}
+                ]
+            }
+        ],
+        "command-injection": [
+            {
+                "sink": "exec",
+                "type": "package",
+                "packages": [
+                    {"package": "child_process", "args": [ 1 ]},
+                    {"package": "mz/child_process", "args": [ 1 ]},
+                    {"package": "shelljs", "args": [ 1 ]},
+                    {"package": "platform-command", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "execSync",
+                "type": "package",
+                "packages": [
+                    {"package": "child_process", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "execAsync",
+                "type": "package",
+                "packages": [
+                    {"package": "async-execute", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "execFile",
+                "type": "package",
+                "packages": [
+                    {"package": "child_process", "args": [ 1, 2 ]}
+                ]
+            },
+            {
+                "sink": "shell",
+                "type": "package",
+                "packages": [
+                    {"package": "execa", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "spawn",
+                "type": "package",
+                "packages": [
+                    {"package": "child_process", "args": [ 1, 2 ]}
+                ]
+            },
+            {
+                "sink": "write",
+                "type": "package",
+                "packages": [
+                    {"package": "comandante", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "cross-spawn",
+                "type": "function",
+                "args": [ 1, 2 ]
+            },
+            {
+                "sink": "im-metadata",
+                "type": "function",
+                "args": [ 1 ]
+            },
+            {
+                "sink": "meta-exec",
+                "type": "function",
+                "args": [ 1 ]
+            }
+        ],
+        "path-traversal": [
+            {
+                "sink": "readFile",
+                "type": "package",
+                "packages": [
+                    {"package": "fs", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "readFileSync",
+                "type": "package",
+                "packages": [
+                    {"package": "fs", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "writeFile",
+                "type": "package",
+                "packages": [
+                    {"package": "fs", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "writeFileSync",
+                "type": "package",
+                "packages": [
+                    {"package": "fs", "args": [ 1 ]}
+                ]
+            },
+            {
+                "sink": "createReadStream",
+                "type": "package",
+                "packages": [
+                    {"package": "fs", "args": [ 1 ]}
+                ]
+            }
+        ]
+    },
+    "sources": [
+        {
+            "source": "argv",
+            "type": "package",
+            "packages": [
+                {"package": "process", "args": [ 0 ]},
+                {"package": "yargs", "args": [ 0 ]}
+            ]
+        }
+    ],
+    "functions-signatures": {
+        "normalize": {
+            "package": "path",
+            "args_types": ["string"]
+        },
+        "join": {
+            "package": "path",
+            "args_types": ["string"],
+            "rest?": true
+        },
+        "resolve": {
+            "package": "path",
+            "args_types": ["string"],
+            "rest?": true
+        },
+        "isAbsolute": {
+            "package": "path",
+            "args_types": ["string"]
+        },
+        "relative": {
+            "package": "path",
+            "args_types": ["string", "string"]
+        },
+        "dirname": {
+            "package": "path",
+            "args_types": ["string"]
+        },
+        "basename": {
+            "package": "path",
+            "args_types": ["string", "string"]
+        },
+        "extname": {
+            "package": "path",
+            "args_types": ["string"]
+        },
+        "parse": {
+            "package": "path",
+            "args_types": ["string"]
+        },
+        "format": {
+            "package": "path",
+            "args_types": ["Object"]
+        }
+    },
+    "prototypes": {
+        "array": [
+            "concat",
+            "every",
+            "filter",
+            "find",
+            "findIndex",
+            "forEach",
+            "includes",
+            "indexOf",
+            "join",
+            "lastIndexOf",
+            "map",
+            "pop",
+            "push",
+            "reduce",
+            "reduceRight",
+            "reverse",
+            "shift",
+            "slice",
+            "some",
+            "sort",
+            "splice",
+            "unshift"
+        ],
+        "string": [
+            "charAt",
+            "charCodeAt",
+            "codePointAt",
+            "concat",
+            "endsWith",
+            "includes",
+            "indexOf",
+            "lastIndexOf",
+            "localeCompare",
+            "match",
+            "normalize",
+            "padEnd",
+            "padStart",
+            "repeat",
+            "replace",
+            "search",
+            "slice",
+            "split",
+            "startsWith",
+            "substring",
+            "toLocaleLowerCase",
+            "toLocaleUpperCase",
+            "toLowerCase",
+            "toString",
+            "toUpperCase",
+            "trim",
+            "trimEnd",
+            "trimStart",
+            "valueOf"
+        ]
+    }
+}
diff --git a/graphjs-results/code/normalized.js b/graphjs-results/code/normalized.js
@@ -0,0 +1,7 @@
+let f;
+f = function (o, x, y, z) {
+   z_dash = z + 1;
+   let v1;
+   v1 = o[x];
+   v1[y] = z_dash;
+}