
Example 6 with TaintRecord

use of org.wso2.ballerinalang.compiler.semantics.model.symbols.TaintRecord in project ballerina by ballerina-lang.

the class TaintAnalyzer method visitInvokable.

/**
 * Builds the taint table for a function node and stores it on the node's symbol.
 *
 * <p>Does nothing when the symbol already carries a taint table. Native and interface
 * functions are not analysed here; their table is attached from annotations instead.
 * For every other function, the all-parameters-untainted case is analysed first, and
 * then one further pass is run per parameter that is not annotated as sensitive.
 *
 * <p>When {@code processBlockedNode} reports the node as blocked, the method returns
 * without assigning a table, so {@code invNode.symbol.taintTable} stays {@code null}.
 *
 * @param invNode   function node whose symbol receives the taint table
 * @param symbolEnv symbol environment passed through to the analysis helpers
 */
private void visitInvokable(BLangFunction invNode, SymbolEnv symbolEnv) {
    // An existing table means this symbol has already been handled.
    if (invNode.symbol.taintTable != null) {
        return;
    }
    // The body is not analysed for native/interface functions; the table is built from annotations.
    if (Symbols.isNative(invNode.symbol) || invNode.interfaceFunction) {
        attachTaintTableBasedOnAnnotations(invNode);
        return;
    }

    Map<Integer, TaintRecord> table = new HashMap<>();

    // Baseline pass: tainted status of the return values when no parameter is tainted.
    returnTaintedStatusList = null;
    analyzeAllParamsUntaintedReturnTaintedStatus(table, invNode, symbolEnv);

    // A blocked node leaves the symbol without a table.
    // NOTE(review): presumably the node is revisited once whatever blocks it is resolved; confirm against processBlockedNode.
    if (processBlockedNode(invNode)) {
        return;
    }

    int requiredCount = invNode.requiredParams.size();
    int defaultableCount = invNode.defaultableParams.size();
    int restCount = invNode.restParam != null ? 1 : 0;
    int paramTotal = requiredCount + defaultableCount + restCount;

    for (int idx = 0; idx < paramTotal; idx++) {
        BLangVariable candidate = getParam(invNode, idx, requiredCount, defaultableCount);
        // A sensitive parameter must never be tainted, so the "this parameter is tainted" case is not analysed.
        // NOTE(review): this pass is skipped for such a parameter, so readers of the table presumably must not
        // treat a missing index as "tainted argument is acceptable"; confirm at the lookup sites.
        if (!hasAnnotation(candidate, ANNOTATION_SENSITIVE)) {
            // Reset the shared result holder, then analyse the body with only this parameter marked tainted.
            returnTaintedStatusList = null;
            analyzeReturnTaintedStatus(table, invNode, symbolEnv, idx, requiredCount, defaultableCount);
        }
    }
    invNode.symbol.taintTable = table;
}
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) TaintRecord(org.wso2.ballerinalang.compiler.semantics.model.symbols.TaintRecord) BLangEndpoint(org.wso2.ballerinalang.compiler.tree.BLangEndpoint) BLangVariable(org.wso2.ballerinalang.compiler.tree.BLangVariable)

Example 7 with TaintRecord

use of org.wso2.ballerinalang.compiler.semantics.model.symbols.TaintRecord in project ballerina by ballerina-lang.

the class TaintAnalyzer method attachTaintTableBasedOnAnnotations.

/**
 * Attaches a taint table to a connector symbol without analysing any body.
 *
 * <p>Does nothing when the symbol already carries a taint table. Otherwise the table gets
 * one entry under {@code ALL_UNTAINTED_TABLE_ENTRY_INDEX} and one entry per parameter
 * index, except for parameters annotated as sensitive, which get no entry. Every entry is
 * a {@code TaintRecord} built from the same empty return-status list and a {@code null}
 * second argument.
 *
 * @param connectorNode connector node whose symbol receives the taint table
 */
private void attachTaintTableBasedOnAnnotations(BLangConnector connectorNode) {
    // An existing table means this symbol has already been handled.
    if (connectorNode.symbol.taintTable != null) {
        return;
    }

    // One empty list instance is handed to every record below.
    // NOTE(review): a mutation through one record would be visible through all of them; confirm TaintRecord
    // treats this list as read-only.
    List<Boolean> sharedReturnStatus = new ArrayList<>();
    Map<Integer, TaintRecord> table = new HashMap<>();

    // Entry for the case where no parameter is tainted.
    table.put(ALL_UNTAINTED_TABLE_ENTRY_INDEX, new TaintRecord(sharedReturnStatus, null));

    // One entry per parameter for the case where that parameter is tainted; an empty parameter list adds none.
    for (int paramIndex = 0; paramIndex < connectorNode.params.size(); paramIndex++) {
        BLangVariable param = connectorNode.params.get(paramIndex);
        // A sensitive parameter must never be tainted, so it gets no "tainted" entry.
        // NOTE(review): readers of the table presumably must not treat the missing index as
        // "tainted argument is acceptable"; confirm at the lookup sites.
        if (!hasAnnotation(param, ANNOTATION_SENSITIVE)) {
            table.put(paramIndex, new TaintRecord(sharedReturnStatus, null));
        }
    }
    connectorNode.symbol.taintTable = table;
}
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) TaintRecord(org.wso2.ballerinalang.compiler.semantics.model.symbols.TaintRecord) BLangEndpoint(org.wso2.ballerinalang.compiler.tree.BLangEndpoint) BLangVariable(org.wso2.ballerinalang.compiler.tree.BLangVariable)
