Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 986532a

Browse files
committed
128: Stop asking for all chains
1 parent c0ef675 commit 986532a

File tree

1 file changed

+13
-12
lines changed

1 file changed

+13
-12
lines changed

‎pyt/vulnerabilities/vulnerabilities.py‎

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -327,38 +327,38 @@ def how_vulnerable(
327327
if current_node in sanitiser_nodes:
328328
vuln_deets['sanitiser'] = current_node
329329
vuln_deets['confident'] = True
330-
return VulnerabilityType.SANITISED
330+
return VulnerabilityType.SANITISED, interactive
331331

332332
if isinstance(current_node, BBorBInode):
333333
if current_node.func_name in blackbox_mapping['propagates']:
334334
continue
335335
elif current_node.func_name in blackbox_mapping['does_not_propagate']:
336-
return VulnerabilityType.FALSE
336+
return VulnerabilityType.FALSE, interactive
337337
elif interactive:
338338
user_says = input(
339-
'Is the return value of {} with tainted argument "{}" vulnerable? ([Y]es/[N]o/[S]top)'.format(
339+
'Is the return value of {} with tainted argument "{}" vulnerable? ([Y]es/[N]o/[S]top asking)'.format(
340340
current_node.label,
341341
chain[i - 1].left_hand_side
342342
)
343343
).lower()
344344
if user_says.startswith('s'):
345345
interactive = False
346346
vuln_deets['unknown_assignment'] = current_node
347-
return VulnerabilityType.UNKNOWN
347+
return VulnerabilityType.UNKNOWN, interactive
348348
if user_says.startswith('n'):
349349
blackbox_mapping['does_not_propagate'].append(current_node.func_name)
350-
return VulnerabilityType.FALSE
350+
return VulnerabilityType.FALSE, interactive
351351
blackbox_mapping['propagates'].append(current_node.func_name)
352352
else:
353353
vuln_deets['unknown_assignment'] = current_node
354-
return VulnerabilityType.UNKNOWN
354+
return VulnerabilityType.UNKNOWN, interactive
355355

356356
if potential_sanitiser:
357357
vuln_deets['sanitiser'] = potential_sanitiser
358358
vuln_deets['confident'] = False
359-
return VulnerabilityType.SANITISED
359+
return VulnerabilityType.SANITISED, interactive
360360

361-
return VulnerabilityType.TRUE
361+
return VulnerabilityType.TRUE, interactive
362362

363363

364364
def get_tainted_node_in_sink_args(
@@ -443,12 +443,13 @@ def get_vulnerability(
443443
cfg.nodes,
444444
lattice
445445
)
446+
446447
for chain in get_vulnerability_chains(
447448
source.cfg_node,
448449
sink.cfg_node,
449450
def_use
450451
):
451-
vulnerability_type = how_vulnerable(
452+
vulnerability_type, interactive = how_vulnerable(
452453
chain,
453454
blackbox_mapping,
454455
sanitiser_nodes,
@@ -462,9 +463,9 @@ def get_vulnerability(
462463

463464
vuln_deets['reassignment_nodes'] = chain
464465

465-
return vuln_factory(vulnerability_type)(**vuln_deets)
466+
return vuln_factory(vulnerability_type)(**vuln_deets), interactive
466467

467-
return None
468+
return None, interactive
468469

469470

470471
def find_vulnerabilities_in_cfg(
@@ -495,7 +496,7 @@ def find_vulnerabilities_in_cfg(
495496
)
496497
for sink in triggers.sinks:
497498
for source in triggers.sources:
498-
vulnerability = get_vulnerability(
499+
vulnerability, interactive = get_vulnerability(
499500
source,
500501
sink,
501502
triggers,

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /