-
Notifications
You must be signed in to change notification settings - Fork 273
/
Copy pathtaint_parser.cpp
150 lines (122 loc) · 3.69 KB
/
taint_parser.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
/*******************************************************************\
Module: Taint Parser
Author: Daniel Kroening, [email protected]
\*******************************************************************/
/// \file
/// Taint Parser
#include "taint_parser.h"
#include <ostream>
#include <util/string2int.h>
#include <json/json_parser.h>
bool taint_parser(
const std::string &file_name,
taint_parse_treet &dest,
message_handlert &message_handler)
{
jsont json;
if(parse_json(file_name, message_handler, json))
{
messaget message(message_handler);
message.error() << "taint file is not a valid json file"
<< messaget::eom;
return true;
}
if(!json.is_array())
{
messaget message(message_handler);
message.error() << "expecting an array in the taint file, but got "
<< json << messaget::eom;
return true;
}
for(const auto &taint_spec : to_json_array(json))
{
if(!taint_spec.is_object())
{
messaget message(message_handler);
message.error() << "expecting an array of objects "
<< "in the taint file, but got " << taint_spec
<< messaget::eom;
return true;
}
taint_parse_treet::rulet rule;
const std::string kind = taint_spec["kind"].value;
if(kind=="source")
rule.kind=taint_parse_treet::rulet::SOURCE;
else if(kind=="sink")
rule.kind=taint_parse_treet::rulet::SINK;
else if(kind=="sanitizer")
rule.kind=taint_parse_treet::rulet::SANITIZER;
else
{
messaget message(message_handler);
message.error() << "taint rule must have \"kind\" which is "
"\"source\" or \"sink\" or \"sanitizer\""
<< messaget::eom;
return true;
}
const std::string function = taint_spec["function"].value;
if(function.empty())
{
messaget message(message_handler);
message.error() << "taint rule must have \"function\""
<< messaget::eom;
return true;
}
else
rule.function_identifier=function;
const std::string where = taint_spec["where"].value;
if(where=="return_value")
{
rule.where=taint_parse_treet::rulet::RETURN_VALUE;
}
else if(where == id2string(ID_this))
{
rule.where=taint_parse_treet::rulet::THIS;
}
else if(std::string(where, 0, 9)=="parameter")
{
rule.where=taint_parse_treet::rulet::PARAMETER;
rule.parameter_number=
safe_string2unsigned(std::string(where, 9, std::string::npos));
}
else
{
messaget message(message_handler);
message.error() << "taint rule must have \"where\""
<< " which is \"return_value\" or \"this\" "
<< "or \"parameter1\"..."
<< messaget::eom;
return true;
}
rule.taint = taint_spec["taint"].value;
rule.message = taint_spec["message"].value;
rule.id = taint_spec["id"].value;
dest.rules.push_back(rule);
}
return false;
}
void taint_parse_treet::rulet::output(std::ostream &out) const
{
if(!id.empty())
out << id << ": ";
switch(kind)
{
case SOURCE: out << "SOURCE "; break;
case SINK: out << "SINK "; break;
case SANITIZER: out << "SANITIZER "; break;
}
out << taint << " on ";
switch(where)
{
case THIS: out << "this in " << function_identifier; break;
case PARAMETER: out << "parameter " << parameter_number << " of "
<< function_identifier; break;
case RETURN_VALUE: out << "return value of " << function_identifier; break;
}
out << '\n';
}
void taint_parse_treet::output(std::ostream &out) const
{
for(const auto &rule : rules)
rule.output(out);
}