From 62db829c36e6bd69743c74b3c60208b0116ad33d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Tavares?= Date: Wed, 24 Jul 2024 16:30:13 +0100 Subject: [PATCH] sink aliases implemented --- lib/mdg/analyse.ml | 11 +++++++++-- lib/mdg/analysis/sinkAliases.ml | 31 +++++++++++++++++++++++++------ lib/setup/config.ml | 11 +++++++++++ 3 files changed, 45 insertions(+), 8 deletions(-) diff --git a/lib/mdg/analyse.ml b/lib/mdg/analyse.ml index 92b2d7e..fff2470 100644 --- a/lib/mdg/analyse.ml +++ b/lib/mdg/analyse.ml @@ -375,10 +375,12 @@ let rec program (is_verbose : bool) (config_path : string) ((_, program) : m Pro let init_state = BuildMDG.init program.functions in let state, analysis = BuildMDG.run init_state program.body in - let _exportsObject, config = get_analysis_output (Analysis.finish analysis) in + (* process auxiliary analysis outputs*) + let exportsObject, config = get_analysis_output (Analysis.finish analysis) in add_taint_sinks state config; add_taint_sources state config; + buildExportsObject state exportsObject; state.graph; @@ -422,4 +424,9 @@ and add_taint_sinks (state : State.t) (config : Config.t) : unit = ) graph; -and add_taint_sources (_state : State.t) (_config : Config.t) : unit = () \ No newline at end of file +and add_taint_sources (_state : State.t) (_config : Config.t) : unit = + (* TODO *) + () + +and buildExportsObject (_state : State.t) (_exportsObject : buildExportsObject) : unit = + () \ No newline at end of file diff --git a/lib/mdg/analysis/sinkAliases.ml b/lib/mdg/analysis/sinkAliases.ml index cad8a0b..4b772a6 100644 --- a/lib/mdg/analysis/sinkAliases.ml +++ b/lib/mdg/analysis/sinkAliases.ml @@ -1,5 +1,7 @@ open Ast.Grammar open Setup +open Auxiliary.Functions +open Config module type InitConfig = sig val filename : string @@ -8,14 +10,31 @@ end module Analysis (Init : InitConfig) : AbstractAnalysis.T = struct type t = AnalysisType.sinkAliases - let analyse (analysis : t) (_statement : m Statement.t) : t = - (* match statement with - | _, AssignSimple {left; right} -> analysis - | _, StaticLookup {left; _object; property}-> analysis + let analyse (config : t) (statement : m Statement.t) : t = + match statement with + | _, AssignSimple {left; right} -> + let right = Expression.get_id_opt right in + map_default (fun right -> + let sink = Config.get_function_sink_info config right in + map_default (fun (sink : functionSink) -> + let alias = Identifier.get_name left in + Config.add_function_sink config {sink = alias; args = sink.args} + ) config sink; + + ) config right + + | _, StaticLookup {left; _object; property; _} -> + let _object = Expression.get_id_opt _object in + map_default (fun obj -> + let package = Config.get_package_sink_info config obj property in + map_default (fun (package : package) -> + let alias = Identifier.get_name left in + Config.add_function_sink config {sink = alias; args = package.args} + ) config package + ) config _object; (* dont do anything on other statements *) - | _ -> analysis *) - analysis + | _ -> config let init () : t = Config.read Init.filename diff --git a/lib/setup/config.ml b/lib/setup/config.ml index 1530406..ceba0b7 100644 --- a/lib/setup/config.ml +++ b/lib/setup/config.ml @@ -104,6 +104,8 @@ and to_package (package_json : Yojson.Basic.t) : package = { package = package_name; args = args } +let add_function_sink (config : t) (sink_info : functionSink) : t = + {config with functions = sink_info :: config.functions} let get_function_sink_name (sink_info : functionSink) : string = sink_info.sink @@ -111,6 +113,15 @@ let get_function_sink_info (config : t) (func_name : string) : functionSink opti let sink_infos = (List.filter (((=) func_name) << get_function_sink_name) config.functions) in List.nth_opt sink_infos 0 +let get_package_sink_info (config : t) (package_name : string) (method_name : string) : package option = + let method_sink = List.filter ( fun package_sink -> package_sink.sink = method_name ) config.packageSinks |> (flip List.nth_opt 0) in + map_default (fun (method_sink : packageSink) -> + let package = List.filter (fun package -> package.package = package_name) method_sink.packages |> (flip List.nth_opt 0) in + package + ) None method_sink + + + let get_package_source_info (config : t) (package : string) (property : string) : packageSource option = let source_infos = (List.filter (fun source_info -> source_info.source = property && List.exists (fun pkg -> pkg.package = package) source_info.packages) config.packageSources) in