Example 6 with BLangExpression
use of org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression in project ballerina by ballerina-lang.
the class TaintAnalyzer method analyzeLambdaExpressions.
private void analyzeLambdaExpressions(BLangInvocation invocationExpr, BLangExpression argExpr) {
BLangFunction function = ((BLangLambdaFunction) argExpr).function;
if (function.symbol.taintTable == null) {
addToBlockedList(invocationExpr);
} else {
int requiredParamCount = function.requiredParams.size();
int defaultableParamCount = function.defaultableParams.size();
int totalParamCount = requiredParamCount + defaultableParamCount + (function.restParam == null ? 0 : 1);
Map<Integer, TaintRecord> taintTable = function.symbol.taintTable;
for (int paramIndex = 0; paramIndex < totalParamCount; paramIndex++) {
TaintRecord taintRecord = taintTable.get(paramIndex);
BLangVariable param = getParam(function, paramIndex, requiredParamCount, defaultableParamCount);
if (taintRecord == null) {
addTaintError(argExpr.pos, param.name.value, DiagnosticCode.TAINTED_VALUE_PASSED_TO_SENSITIVE_PARAMETER);
} else if (taintRecord.taintError != null && taintRecord.taintError.size() > 0) {
addTaintError(taintRecord.taintError);
}
if (stopAnalysis) {
break;
}
}
}
}
Also used :
BLangFunction(org.wso2.ballerinalang.compiler.tree.BLangFunction)
BLangLambdaFunction(org.wso2.ballerinalang.compiler.tree.expressions.BLangLambdaFunction)
TaintRecord(org.wso2.ballerinalang.compiler.semantics.model.symbols.TaintRecord)
BLangEndpoint(org.wso2.ballerinalang.compiler.tree.BLangEndpoint)
BLangVariable(org.wso2.ballerinalang.compiler.tree.BLangVariable)
Example 7 with BLangExpression
use of org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression in project ballerina by ballerina-lang.
the class TaintAnalyzer method visit.
public void visit(BLangReturn returnNode) {
List<Boolean> returnTaintedStatus = new ArrayList<>();
if (returnNode.namedReturnVariables == null) {
// If named returns are not used, evaluate each expression to identify the tainted status.
for (BLangExpression expr : returnNode.exprs) {
expr.accept(this);
returnTaintedStatus.addAll(taintedStatusList);
}
} else {
// If named returns are used, report back the tainted status of each variable.
for (BLangVariable var : returnNode.namedReturnVariables) {
returnTaintedStatus.add(var.symbol.tainted);
}
}
if (returnTaintedStatusList == null) {
returnTaintedStatusList = returnTaintedStatus;
} else {
// collective tainted status of returns.
for (int i = 0; i < returnTaintedStatusList.size(); i++) {
if (returnTaintedStatus.size() > i && returnTaintedStatus.get(i)) {
returnTaintedStatusList.set(i, true);
}
}
}
taintedStatusList = returnTaintedStatusList;
}
Also used :
ArrayList(java.util.ArrayList)
BLangExpression(org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression)
BLangVariable(org.wso2.ballerinalang.compiler.tree.BLangVariable)
BLangEndpoint(org.wso2.ballerinalang.compiler.tree.BLangEndpoint)
Example 8 with BLangExpression
use of org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression in project ballerina by ballerina-lang.
the class TaintAnalyzer method visit.
public void visit(BLangXMLElementLiteral xmlElementLiteral) {
SymbolEnv xmlElementEnv = SymbolEnv.getXMLElementEnv(xmlElementLiteral, env);
// Visit in-line namespace declarations
boolean inLineNamespaceTainted = false;
for (BLangXMLAttribute attribute : xmlElementLiteral.attributes) {
if (attribute.name.getKind() == NodeKind.XML_QNAME && ((BLangXMLQName) attribute.name).prefix.value.equals(XMLConstants.XMLNS_ATTRIBUTE)) {
attribute.accept(this);
attribute.symbol.tainted = getObservedTaintedStatus();
if (attribute.symbol.tainted) {
inLineNamespaceTainted = true;
}
}
}
// Visit attributes.
boolean attributesTainted = false;
for (BLangXMLAttribute attribute : xmlElementLiteral.attributes) {
if (attribute.name.getKind() == NodeKind.XML_QNAME && !((BLangXMLQName) attribute.name).prefix.value.equals(XMLConstants.XMLNS_ATTRIBUTE)) {
attribute.accept(this);
attribute.symbol.tainted = getObservedTaintedStatus();
if (attribute.symbol.tainted) {
attributesTainted = true;
}
}
}
// Visit the tag names
xmlElementLiteral.startTagName.accept(this);
boolean startTagTaintedStatus = getObservedTaintedStatus();
boolean endTagTaintedStatus = false;
if (xmlElementLiteral.endTagName != null) {
xmlElementLiteral.endTagName.accept(this);
endTagTaintedStatus = getObservedTaintedStatus();
}
boolean tagNamesTainted = startTagTaintedStatus || endTagTaintedStatus;
// Visit the children
boolean childrenTainted = false;
for (BLangExpression expr : xmlElementLiteral.children) {
expr.accept(this);
if (getObservedTaintedStatus()) {
childrenTainted = true;
}
}
setTaintedStatusList(inLineNamespaceTainted || attributesTainted || tagNamesTainted || childrenTainted);
}
Also used :
BLangXMLQName(org.wso2.ballerinalang.compiler.tree.expressions.BLangXMLQName)
BLangXMLAttribute(org.wso2.ballerinalang.compiler.tree.expressions.BLangXMLAttribute)
SymbolEnv(org.wso2.ballerinalang.compiler.semantics.model.SymbolEnv)
BLangExpression(org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression)
Example 9 with BLangExpression
use of org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression in project ballerina by ballerina-lang.
the class TaintAnalyzer method visitAssignment.
private void visitAssignment(BLangExpression varRefExpr, boolean varTaintedStatus, DiagnosticPos pos) {
// Generate error if a global variable has been assigned with a tainted value.
if (varTaintedStatus && varRefExpr instanceof BLangVariableReference) {
BLangVariableReference varRef = (BLangVariableReference) varRefExpr;
if (varRef.symbol != null && varRef.symbol.owner != null) {
if (varRef.symbol.owner instanceof BPackageSymbol || SymbolKind.SERVICE.equals(varRef.symbol.owner.kind) || SymbolKind.CONNECTOR.equals(varRef.symbol.owner.kind)) {
addTaintError(pos, varRef.symbol.name.value, DiagnosticCode.TAINTED_VALUE_PASSED_TO_GLOBAL_VARIABLE);
return;
}
}
}
// TODO: Re-evaluating the full data-set (array) when a change occur.
if (varRefExpr instanceof BLangIndexBasedAccess) {
nonOverridingAnalysis = true;
updatedVarRefTaintedState((BLangIndexBasedAccess) varRefExpr, varTaintedStatus);
nonOverridingAnalysis = false;
} else if (varRefExpr instanceof BLangFieldBasedAccess) {
BLangFieldBasedAccess fieldBasedAccessExpr = (BLangFieldBasedAccess) varRefExpr;
// Propagate tainted status to fields, when field symbols are present (Example: structs).
if (fieldBasedAccessExpr.symbol != null) {
setTaintedStatus(fieldBasedAccessExpr, varTaintedStatus);
}
nonOverridingAnalysis = true;
updatedVarRefTaintedState(fieldBasedAccessExpr, varTaintedStatus);
nonOverridingAnalysis = false;
} else {
BLangVariableReference varRef = (BLangVariableReference) varRefExpr;
setTaintedStatus(varRef, varTaintedStatus);
}
}
Also used :
BLangIndexBasedAccess(org.wso2.ballerinalang.compiler.tree.expressions.BLangIndexBasedAccess)
BPackageSymbol(org.wso2.ballerinalang.compiler.semantics.model.symbols.BPackageSymbol)
BLangFieldBasedAccess(org.wso2.ballerinalang.compiler.tree.expressions.BLangFieldBasedAccess)
BLangVariableReference(org.wso2.ballerinalang.compiler.tree.expressions.BLangVariableReference)
Example 10 with BLangExpression
use of org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression in project ballerina by ballerina-lang.
the class TaintAnalyzer method visit.
public void visit(BLangPostIncrement postIncrement) {
BLangExpression varRefExpr = postIncrement.varRef;
varRefExpr.accept(this);
boolean varTaintedStatus = getObservedTaintedStatus();
visitAssignment(varRefExpr, varTaintedStatus, postIncrement.pos);
}
Also used :
BLangExpression(org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression)
Aggregations
BLangExpression (org.wso2.ballerinalang.compiler.tree.expressions.BLangExpression)101
BType (org.wso2.ballerinalang.compiler.semantics.model.types.BType)27
BLangEndpoint (org.wso2.ballerinalang.compiler.tree.BLangEndpoint)26
ArrayList (java.util.ArrayList)22
BLangSimpleVarRef (org.wso2.ballerinalang.compiler.tree.expressions.BLangSimpleVarRef)19
BLangVariable (org.wso2.ballerinalang.compiler.tree.BLangVariable)15
BLangLiteral (org.wso2.ballerinalang.compiler.tree.expressions.BLangLiteral)15
SelectExpressionNode (org.ballerinalang.model.tree.clauses.SelectExpressionNode)14
ExpressionNode (org.ballerinalang.model.tree.expressions.ExpressionNode)14
RegIndex (org.wso2.ballerinalang.programfile.Instruction.RegIndex)14
BSymbol (org.wso2.ballerinalang.compiler.semantics.model.symbols.BSymbol)13
BVarSymbol (org.wso2.ballerinalang.compiler.semantics.model.symbols.BVarSymbol)11
BLangArrayLiteral (org.wso2.ballerinalang.compiler.tree.expressions.BLangArrayLiteral)11
BLangRecordLiteral (org.wso2.ballerinalang.compiler.tree.expressions.BLangRecordLiteral)11
BLangTypeConversionExpr (org.wso2.ballerinalang.compiler.tree.expressions.BLangTypeConversionExpr)11
SymbolEnv (org.wso2.ballerinalang.compiler.semantics.model.SymbolEnv)10
BLangInvocation (org.wso2.ballerinalang.compiler.tree.expressions.BLangInvocation)10
BLangXMLQName (org.wso2.ballerinalang.compiler.tree.expressions.BLangXMLQName)10
BLangXMLQuotedString (org.wso2.ballerinalang.compiler.tree.expressions.BLangXMLQuotedString)10
BLangAssignment (org.wso2.ballerinalang.compiler.tree.statements.BLangAssignment)10
