Class: Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow

Inherits:
Base
  • Object
Defined in:
lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb

Overview

Represents a JS call that was intercepted because one of its Frame::CalledFunction#arguments was tainted.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Instance Attribute Summary

Attributes inherited from Base

#trace

Instance Method Summary

Methods inherited from Base

#==, #hash, #to_hash

Constructor Details

#initialize(options = {}) ⇒ DataFlow

Returns a new instance of DataFlow.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 42

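def initialize( options = {} )
    # A :function given as a Hash is converted into a Frame::CalledFunction
    # and removed from the options before they are passed on to Base.
    if options[:function].is_a? Hash
        @function = Frame::CalledFunction.new( options.delete(:function) )
    end

    super
end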

Instance Attribute Details

#function ⇒ Frame::CalledFunction

Returns the relevant function.

Returns:

  • (Frame::CalledFunction)

    Relevant function.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 23

def function
  @function
end

#object ⇒ String

Returns the name of the object containing #function.

Returns:

  • (String)

    Name of the object containing #function.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 27

def object
  @object
end

#taint ⇒ String

Returns the active taint.

Returns:

  • (String)

    Active taint.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 40

def taint
  @taint
end

#tainted_argument_index ⇒ Integer

Returns the index of the tainted argument in Frame::CalledFunction#arguments.

Returns:

  • (Integer)

    Index for the tainted argument in Frame::CalledFunction#arguments.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 31

def tainted_argument_index
  @tainted_argument_index
end

#tainted_value ⇒ Object

Returns the tainted value of #tainted_argument_value, located by traversing it recursively.

Returns:

  • (Object)

    Tainted value of #tainted_argument_value, located by traversing it recursively.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 36

def tainted_value
  @tainted_value
end

Class Method Details

.from_rpc_data(data) ⇒ Object

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 72

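def self.from_rpc_data( data )
    # Restore the nested function from its RPC representation first,
    # then let Base rebuild the rest of the sink.
    data['function'] = Frame::CalledFunction.from_rpc_data( data['function'] )
    super data
end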

Instance Method Details

#tainted_argument_name ⇒ String?

Returns the name of the tainted argument.

Returns:

  • (String, nil)

    Name of the tainted argument.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 59

def tainted_argument_name
    return if !function.signature_arguments
    function.signature_arguments[tainted_argument_index]
end

#tainted_argument_value ⇒ String?

Returns the value of the tainted argument.

Returns:

  • (String, nil)

    Value of the tainted argument.

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 52

def tainted_argument_value
    return if !function.arguments
    function.arguments[tainted_argument_index]
end

#to_h ⇒ Object

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 64

def to_h
    super.merge( function: function.to_h )
end

#to_rpc_data ⇒ Object

# File 'lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb', line 68

def to_rpc_data
    to_h.merge( function: function.to_rpc_data )
end
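
How #tainted_argument_index, #tainted_argument_name, #tainted_argument_value and #tainted_value relate to each other, as an added Ruby example that is not Arachni's own code. CalledFunction is a stand-in Struct holding only the fields named on this page, locate_taint and describe_sink are hypothetical helpers, and the calls and taint token are constructed sample data.

```ruby
# Stand-in for Frame::CalledFunction (assumption: only fields named on this page).
CalledFunction = Struct.new(:name, :signature_arguments, :arguments)

# Hypothetical helper: depth-first search for the first String carrying the taint.
def locate_taint(value, taint)
  case value
  when String
    value if value.include?(taint)
  when Array
    value.each do |item|
      hit = locate_taint(item, taint)
      return hit if hit
    end
    nil
  when Hash
    locate_taint(value.values, taint)
  end
end

# Hypothetical helper: builds the fields a data-flow sink exposes for one call.
def describe_sink(function, taint)
  (function.arguments || []).each_with_index do |argument, index|
    hit = locate_taint(argument, taint)
    next unless hit
    names = function.signature_arguments
    return {
      tainted_argument_index: index,
      tainted_argument_name:  names ? names[index] : nil, # nil without a signature
      tainted_argument_value: argument,                   # the whole argument
      tainted_value:          hit                         # the nested tainted String
    }
  end
  nil # no argument carried the taint, so there is no sink to report
end

# Constructed sample data, not captured from a real scan.
TAINT = 'taint_tracer_constructed_0001'
NESTED_CALL = CalledFunction.new(
  'render', %w[selector options],
  ['#out', { 'html' => ['<b>', "<i>#{TAINT}</i>"], 'cache' => false }]
)
NATIVE_CALL = CalledFunction.new('eval', nil, ["var x = '#{TAINT}';"])
CLEAN_CALL  = CalledFunction.new('render', %w[selector options], ['#out', {}])

p describe_sink(NESTED_CALL, TAINT)
p describe_sink(NATIVE_CALL, TAINT)
p describe_sink(CLEAN_CALL, TAINT)
```

For the nested call, the tainted argument value is the whole options Hash while the tainted value is only the String inside it that carries the taint, which is the distinction a reviewer needs when tracing how input reached the call.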