RubyGems - tainted - Versions diffs - 0.1.0 → 0.2.0 - Mend

tainted 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b26e5de6db90715d8868475b14f828ee951472378e2ab3d751bb36e0ab570a1
-  data.tar.gz: 4e84f893cefc8c37f52b9b353ff80ea3a63eba096f625d6acb2061aefb83d299
+  metadata.gz: 2d61982c033f50c5e79a00dc34ef94fe612400097ef70e2e934d6def3f28cfac
+  data.tar.gz: 55314168a8b4a3026e4c0cf9c9c61adcd277ed306ef656078b29f9930cff8dcd
 SHA512:
-  metadata.gz: 2a73d2e0c62366eb397b64c7f4cd8d78f643ba1179bafa4534664c901cadc683d3b1d375a205024e0716930d17634076de122e36e3f96c2c8f53f0310ac747c9
-  data.tar.gz: f1444e63ab1f1fa2cbb328b19d2676c5eabc5948ae6a4bc7af0167ce08c7dd898ea5ee203629ab30adec04c76d0ed652c1966ff008c4806775d8e4039726aaeb
+  metadata.gz: a211a22a04214a44ddb858930a69af6014f2c18aeb23c86c63ebcfbb8034f6f2da2d2f541088314fed8a0a59eb2a410ea9a9ca9e5527a89bef08e168a60eac5d
+  data.tar.gz: 1da46aac7509d85177687d1b4f1ab06824d6f7e944c2404dfc249cffe17c3cf9eb29b9470ca7914df86b113c8134655ee5a06e6c533a3164544fa4e6935b179e

data/Rakefile CHANGED Viewed

@@ -9,4 +9,4 @@ require "rubocop/rake_task"
 RuboCop::RakeTask.new
-task default: %i[spec rubocop]
+task default: %i[spec]

data/lib/tainted/lint.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Tainted
     def initialize(filepath, sources, sinks)
       @filepath = filepath
-      t = Tainted::DataFlow.new(@filepath)
+      t = DataFlow.new(@filepath)
       t.generate
       var_dependencies = t.tainted
       State.instance.var_dependencies = var_dependencies

data/lib/tainted/static.rb CHANGED Viewed

@@ -4,10 +4,11 @@ module Tainted
   class Static < SyntaxTree::Visitor
     attr_reader :result
-    def initialize(sources, _sinks)
+    def initialize(sources, sinks)
       super()
       @sources = sources
+      @sinks = sinks
       @result = []
     end
@@ -29,10 +30,17 @@ module Tainted
     def parse_assign(node)
       variable_name = node.target.value.value
-      # pp node.value.class
-      return unless node.value.is_a?(SyntaxTree::CallNode)
-      method_name = node.value.message.value
+      method_name =
+        case node.value
+        when SyntaxTree::CallNode
+          node.value.message.value
+        when SyntaxTree::ARef
+          # (aref (vcall (ident "<method_name>")))
+          node.value.collection.value.value
+        end
+      return if method_name.nil?
       return unless @sources.include?(method_name&.to_sym)
       State.instance.var_dependencies[variable_name.to_sym][:tainted] = true
@@ -45,6 +53,8 @@ module Tainted
         arguments.map { |arg| [arg, taint_status(arg.value.value.to_sym)] }
       method_name = node.message.value
+      return unless @sinks.include?(method_name.to_sym)
       taint_statuses.each do |status|
         next unless status[1]

data/lib/tainted/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Tainted
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tainted
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Syed Faraaz Ahmad
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-23 00:00:00.000000000 Z
+date: 2023-11-04 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -23,7 +23,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- fixtures/simple.rb
 - lib/tainted.rb
 - lib/tainted/dataflow.rb
 - lib/tainted/lint.rb

data/fixtures/simple.rb DELETED Viewed

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-a = tainted()
-b = a + 1
-c = b + 2
-d = b + c
-unsafe(d)
-unsafe(c)