scnr-introspector 0.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5682baf4ae51753f560e40d01c437b110fb798e9dda4e780799832e397177597
-  data.tar.gz: 6ccac3fd0802d210ae62105c97a27b407337df4a5460e556836201744f6f54c4
+  metadata.gz: 8725bd56ebb19d4dc43d75c4c19a2fde62996e6b0df84ac074f7baf5049f95db
+  data.tar.gz: b5b35b5cd86bbb75554b2ba8b144f87606b17990c90351df37417f3ec79cd3f2
 SHA512:
-  metadata.gz: b3256314a27a42c47c2e37b770d953827d487db5cb91f5fb01895a865bebfe7eff0078b435143575d56dbcc11d43accefcabc57ff35891d38d0631c96fc5f86b
-  data.tar.gz: cb0d31f2ad427fc23f04b13092dabf0d801badee3f4cedd41f06a1376535ad254055fca29f6c81ac2cf65ad1b3a696838497777108404c3fdd0d31154c1f2b3d
+  metadata.gz: 2ce2e0fa5215945851e1249a00f258a9ad542e090fe5f64402d2f804e1944f472c46438468a86b3fbf6cbb7d2e4aa2a092b89f5a7d50a90b92007b9a1bd1ca88
+  data.tar.gz: 5f281728c6423aa8222eb3b362dbac6a5715c60361a8d52666ea37a9b075542bac4fa4342e3b26e2aff80bb57bedaa7da44c8eb57ffc8e56cfb26467c3018b6d

data/lib/scnr/introspector/data_flow/sink.rb

@@ -1,3 +1,5 @@
+require_relative '../utilities/my_method_source/code_helpers'
+
 module SCNR
 class Introspector
 class DataFlow
@@ -7,6 +9,10 @@ class Sink
     attr_accessor :object
 
     attr_accessor :method_name
+    attr_accessor :method_source
+    attr_accessor :method_source_location
+
+    attr_accessor :source
 
     attr_accessor :arguments
 
@@ -23,6 +29,27 @@ class Sink
 
             send( "#{k}=", v )
         end
+
+        if !@method_source && @method_source_location
+            filepath = @method_source_location.first
+            lineno   = @method_source_location.last
+
+            if File.exists? filepath
+                File.open filepath do |f|
+                    begin
+                        @method_source = MyMethodSource::CodeHelpers.expression_at( File.open( f ), lineno )
+                    rescue SyntaxError
+                    end
+                end
+            end
+        end
+
+        if !@source && @backtrace
+            source_location = @backtrace.first.split( ':' ).first
+            if File.exists? source_location
+                @source = IO.read( source_location )
+            end
+        end
     end
 
     def marshal_dump

data/lib/scnr/introspector/execution_flow/point.rb

@@ -1,3 +1,5 @@
+require 'thread'
+
 module SCNR
 class Introspector
 class ExecutionFlow
@@ -26,6 +28,9 @@ class Point
     #   Event name.
     attr_accessor :event
 
+    attr_accessor :source
+    attr_accessor :file_contents
+
     # @param    [Hash]  options
     def initialize( options = {} )
         options.each do |k, v|
@@ -76,10 +81,27 @@ class Point
                 line_number: tp.lineno,
                 class_name:  defined_class,
                 method_name: tp.method_id,
-                event:       tp.event
+                event:       tp.event,
+                source:      source_line( tp.path, tp.lineno ),
+                file_contents: IO.read( tp.path )
             })
         end
+
+        def source_line_mutex( &block )
+            (@mutex ||= Mutex.new).synchronize( &block )
+        end
+
+        def source_line( path, line )
+            return if !path || !line
+
+            source_line_mutex do
+                @@lines ||= {}
+                @@lines[path] ||= IO.readlines( path )
+                @@lines[path][line-1]
+            end
+        end
     end
+    source_line_mutex {}
 
 end
 

data/lib/scnr/introspector/execution_flow.rb

@@ -6,6 +6,8 @@ class Introspector
 
 class ExecutionFlow
 
+    ALLOWED_EVENTS = Set.new([:line, :call, :c_call])
+
     # @return   [Scope]
     attr_accessor :scope
 
@@ -49,6 +51,7 @@ class ExecutionFlow
     #   `self`
     def trace( &block )
         TracePoint.new do |tp|
+            next if !ALLOWED_EVENTS.include? tp.event
             next if @scope.out?( tp.path )
 
             @points << create_point_from_trace_point( tp )

data/lib/scnr/introspector/utilities/my_method_source/code_helpers.rb

@@ -0,0 +1,156 @@
+module MyMethodSource
+
+  module CodeHelpers
+    # Retrieve the first expression starting on the given line of the given file.
+    #
+    # This is useful to get module or method source code.
+    #
+    # @param [Array<String>, File, String] file  The file to parse, either as a File or as
+    # @param [Integer]  line_number  The line number at which to look.
+    #                             NOTE: The first line in a file is
+    #                           line 1!
+    # @param [Hash] options The optional configuration parameters.
+    # @option options [Boolean] :strict  If set to true, then only completely
+    #   valid expressions are returned. Otherwise heuristics are used to extract
+    #   expressions that may have been valid inside an eval.
+    # @option options [Integer] :consume  A number of lines to automatically
+    #   consume (add to the expression buffer) without checking for validity.
+    # @return [String]  The first complete expression
+    # @raise [SyntaxError]  If the first complete expression can't be identified
+    def expression_at(file, line_number, options={})
+      options = {
+        :strict  => false,
+        :consume => 0
+      }.merge!(options)
+
+      lines = file.is_a?(Array) ? file : file.each_line.to_a
+
+      relevant_lines = lines[(line_number - 1)..-1] || []
+
+      extract_first_expression(relevant_lines, options[:consume])
+    rescue SyntaxError => e
+      raise if options[:strict]
+
+      begin
+        extract_first_expression(relevant_lines) do |code|
+          code.gsub(/\#\{.*?\}/, "temp")
+        end
+      rescue SyntaxError
+        raise e
+      end
+    end
+
+    # Retrieve the comment describing the expression on the given line of the given file.
+    #
+    # This is useful to get module or method documentation.
+    #
+    # @param [Array<String>, File, String] file  The file to parse, either as a File or as
+    #                                            a String or an Array of lines.
+    # @param [Integer]  line_number  The line number at which to look.
+    #                             NOTE: The first line in a file is line 1!
+    # @return [String]  The comment
+    def comment_describing(file, line_number)
+      lines = file.is_a?(Array) ? file : file.each_line.to_a
+
+      extract_last_comment(lines[0..(line_number - 2)])
+    end
+
+    # Determine if a string of code is a complete Ruby expression.
+    # @param [String] code The code to validate.
+    # @return [Boolean] Whether or not the code is a complete Ruby expression.
+    # @raise [SyntaxError] Any SyntaxError that does not represent incompleteness.
+    # @example
+    #   complete_expression?("class Hello") #=> false
+    #   complete_expression?("class Hello; end") #=> true
+    #   complete_expression?("class 123") #=> SyntaxError: unexpected tINTEGER
+    def complete_expression?(str)
+      old_verbose = $VERBOSE
+      $VERBOSE = nil
+
+      catch(:valid) do
+        eval("BEGIN{throw :valid}\n#{str}")
+      end
+
+      # Assert that a line which ends with a , or \ is incomplete.
+      str !~ /[,\\]\s*\z/
+    rescue IncompleteExpression
+      false
+    ensure
+      $VERBOSE = old_verbose
+    end
+
+    private
+
+    # Get the first expression from the input.
+    #
+    # @param [Array<String>]  lines
+    # @param [Integer] consume A number of lines to automatically
+    #   consume (add to the expression buffer) without checking for validity.
+    # @yield a clean-up function to run before checking for complete_expression
+    # @return [String]  a valid ruby expression
+    # @raise [SyntaxError]
+    def extract_first_expression(lines, consume=0, &block)
+      code = consume.zero? ? +"" : lines.slice!(0..(consume - 1)).join
+
+      lines.each do |v|
+        code << v
+        return code if complete_expression?(block ? block.call(code) : code)
+      end
+      raise SyntaxError, "unexpected $end"
+    end
+
+    # Get the last comment from the input.
+    #
+    # @param [Array<String>]  lines
+    # @return [String]
+    def extract_last_comment(lines)
+      buffer = +""
+
+      lines.each do |line|
+        # Add any line that is a valid ruby comment,
+        # but clear as soon as we hit a non comment line.
+        if (line =~ /^\s*#/) || (line =~ /^\s*$/)
+          buffer << line.lstrip
+        else
+          buffer.clear
+        end
+      end
+
+      buffer
+    end
+
+    # An exception matcher that matches only subsets of SyntaxErrors that can be
+    # fixed by adding more input to the buffer.
+    module IncompleteExpression
+      GENERIC_REGEXPS = [
+        /unexpected (\$end|end-of-file|end-of-input|END_OF_FILE)/, # mri, jruby, ruby-2.0, ironruby
+        /embedded document meets end of file/, # =begin
+        /unterminated (quoted string|string|regexp|list) meets end of file/, # "quoted string" is ironruby
+        /can't find string ".*" anywhere before EOF/, # rbx and jruby
+        /missing 'end' for/, /expecting kWHEN/ # rbx
+      ]
+
+      RBX_ONLY_REGEXPS = [
+        /expecting '[})\]]'(?:$|:)/, /expecting keyword_end/
+      ]
+
+      def self.===(ex)
+        return false unless SyntaxError === ex
+        case ex.message
+        when *GENERIC_REGEXPS
+          true
+        when *RBX_ONLY_REGEXPS
+          rbx?
+        else
+          false
+        end
+      end
+
+      def self.rbx?
+        RbConfig::CONFIG['ruby_install_name'] == 'rbx'
+      end
+    end
+
+    extend self
+  end
+end

data/lib/scnr/introspector/version

@@ -1 +1 @@
-0.1
+0.3.0

data/lib/scnr/introspector.rb

@@ -1,5 +1,7 @@
 require 'rbconfig'
+require 'securerandom'
 require 'rack/utils'
+require 'base64'
 require 'pp'
 
 module SCNR
@@ -23,59 +25,41 @@ class Introspector
     module Overloads
     end
 
-    OVERLOAD.each do |m, object|
-        if object.is_a? Array
-            name      = object.pop
-            namespace = Object
-
-            n = false
-            object.each do |o|
-                begin
-                    namespace = namespace.const_get( o )
-                rescue
-                    n = true
-                    break
-                end
-            end
-            next if n
-
-            object = namespace.const_get( name ) rescue next
-        else
-            object = Object.const_get( object ) rescue next
-        end
-
-        overload( object, m )
-    end
-
     @mutex  = Mutex.new
     class <<self
         def overload( object, m )
+            method_source_location = object.allocate.method(m).source_location
+            rnd = SecureRandom.hex(10)
+
             ov = <<EORUBY
         module Overloads
-        module #{object.to_s.split( '::' ).join}Overload
+        module #{object.to_s.split( '::' ).join}#{rnd}Overload
             def #{m}( *args )
-                SCNR::Introspector.find_and_log_taint( #{object}, :#{m}, args )   
+                SCNR::Introspector.find_and_log_taint( #{object}, :#{m}, #{method_source_location.inspect}, args )
                 super *args
             end
         end
         end
 
-        #{object}.prepend Overloads::#{object.to_s.split( '::' ).join}Overload
+        #{object}.prepend Overloads::#{object.to_s.split( '::' ).join}#{rnd}Overload
 EORUBY
             eval ov
-            eval ov
+        rescue => e
+            # puts ov
+            # pp e
+            # pp e.backtrace
         end
 
         def taint_seed=( t )
-            @taint = t
+            Thread.current[:taint] = t
         end
 
         def taint_seed
-            @taint
+            Thread.current[:taint]
         end
 
         def data_flows
-            @data_flows ||= {}
+            Thread.current[:data_flows] ||= {}
         end
 
         def synchronize( &block )
@@ -88,6 +72,12 @@ EORUBY
             end
         end
 
+        def flush_sinks( taint )
+            synchronize do
+                self.data_flows.delete taint
+            end
+        end
+
         def filter_caller( a )
             dir = File.dirname( __FILE__ )
             a.reject do |c|
@@ -95,8 +85,8 @@ EORUBY
             end
         end
 
-        def find_and_log_taint( object, method, args )
-            taint = @taint
+        def find_and_log_taint( object, method, method_source_location, args )
+            taint = self.taint_seed
             return if !taint
 
             tainted = find_taint_in_arguments( taint, args )
@@ -108,7 +98,8 @@ EORUBY
               arguments:    args,
               tainted_argument_index: tainted[0],
               tainted_value:          tainted[1].to_s,
-              backtrace:    filter_caller( Kernel.caller )
+              backtrace:    filter_caller( Kernel.caller[1..-1] ),
+              method_source_location: method_source_location
             )
             log_sinks( taint, sink )
         end
@@ -149,19 +140,65 @@ EORUBY
         end
     end
 
+    OVERLOAD.each do |m, object|
+        if object.is_a? Array
+            name      = object.pop
+            namespace = Object
+
+            n = false
+            object.each do |o|
+                begin
+                    namespace = namespace.const_get( o )
+                rescue
+                    n = true
+                    break
+                end
+            end
+            next if n
+
+            object = namespace.const_get( name ) rescue next
+        else
+            object = Object.const_get( object ) rescue next
+        end
+
+        overload( object, m )
+    end
+
     def initialize( app, options = {} )
         @app     = app
         @options = options
 
         overload_application
+        overload_rails if rails?
 
         @mutex = Mutex.new
     end
 
     def overload_application
-        @app.methods.each do |m|
-            next if @app.method( m ).parameters.empty?
-            self.class.overload( @app.class, m )
+        overload_class @app.class
+    end
+
+    def overload_rails
+        Rails.application.eager_load!
+
+        klasses = [
+          ActionController::Base,
+          ActiveRecord::Base
+        ]
+        descendants = klasses.map do |k|
+            ObjectSpace.each_object( Class ).select { |klass| klass < k }
+        end.flatten.reject { |k| k.to_s.start_with? '#' }
+
+        descendants.each do |klass|
+            overload_class klass
+        end
+    end
+
+    def overload_class( klass )
+        k = klass.allocate
+        k.methods.each do |m|
+            next if k.method( m ).parameters.empty?
+            self.class.overload( klass, m )
         end
     end
 
@@ -174,10 +211,13 @@ EORUBY
         info << :platforms
 
         if env.delete( 'HTTP_X_SCNR_INTROSPECTOR_TRACE' )
-            info << :data_flow
             info << :execution_flow
         end
 
+        if env['HTTP_X_SCNR_INTROSPECTOR_TAINT']
+            info << :data_flow
+        end
+
         inject( env, info )
 
     rescue => e
@@ -187,7 +227,12 @@ EORUBY
 
     def inject( env, info = [] )
         self.class.taint_seed = env.delete( 'HTTP_X_SCNR_INTROSPECTOR_TAINT' )
-        seed                  = env.delete( 'HTTP_X_SCNR_ENGINE_SCAN_SEED' )
+        if self.class.taint_seed
+            self.class.taint_seed = Base64.decode64( self.class.taint_seed )
+            self.class.taint_seed = nil if self.class.taint_seed.empty?
+        end
+
+        seed = env.delete( 'HTTP_X_SCNR_ENGINE_SCAN_SEED' )
 
         data = {}
 
@@ -215,17 +260,25 @@ EORUBY
         end
 
         if info.include?( :data_flow ) && self.class.taint_seed
-            data['data_flow'] = self.class.data_flows.delete( self.class.taint_seed )&.to_rpc_data
+            data['data_flow'] = self.class.flush_sinks( self.class.taint_seed )&.to_rpc_data
         end
 
         code    = response.shift
         headers = response.shift
         body    = response.shift
 
-        body << "<!-- #{seed}\n#{JSON.dump( data )}\n#{seed} -->"
-        headers['Content-Length'] = body.map(&:bytesize).inject(&:+)
+        if headers['Content-Type'] && headers['Content-Type'].include?( 'html' )
+            body = body.respond_to?( :body ) ? body.body : body
+            body = [body].flatten
+            body << "<!-- #{seed}\n#{JSON.dump( data )}\n#{seed} -->"
+
+            headers['Content-Length'] = body.map(&:bytesize).inject(:+)
+        end
 
-        [code, headers, body ]
+        [code, headers, [body].flatten ]
+    rescue => e
+        pp e
+        pp e.backtrace
     end
 
     def platforms
@@ -282,9 +335,7 @@ EORUBY
     end
 
     def rails?
-        if defined? Rails
-            return @app.is_a? Rails::Application
-        end
+        !!defined?( Rails )
     end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scnr-introspector
 version: !ruby/object:Gem::Version
-  version: '0.1'
+  version: 0.3.0
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-21 00:00:00.000000000 Z
+date: 2025-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -100,6 +100,7 @@ files:
 - lib/scnr/introspector/execution_flow/point.rb
 - lib/scnr/introspector/execution_flow/scope.rb
 - lib/scnr/introspector/scope.rb
+- lib/scnr/introspector/utilities/my_method_source/code_helpers.rb
 - lib/scnr/introspector/version
 - lib/scnr/introspector/version.rb
 homepage: http://ecsypno.com