tainted 0.2.0 → 0.3.0

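--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 2d61982c033f50c5e79a00dc34ef94fe612400097ef70e2e934d6def3f28cfac
- data.tar.gz: 55314168a8b4a3026e4c0cf9c9c61adcd277ed306ef656078b29f9930cff8dcd
+ metadata.gz: 278da9234147c4a8df18795ca9666877032253e8cb4409219ba0fd8e4420444b
+ data.tar.gz: 16e24fa14406e9755b3f631809a23a13fcf255605b5f6a2f66fc60d27ecee27a
  SHA512:
- metadata.gz: a211a22a04214a44ddb858930a69af6014f2c18aeb23c86c63ebcfbb8034f6f2da2d2f541088314fed8a0a59eb2a410ea9a9ca9e5527a89bef08e168a60eac5d
- data.tar.gz: 1da46aac7509d85177687d1b4f1ab06824d6f7e944c2404dfc249cffe17c3cf9eb29b9470ca7914df86b113c8134655ee5a06e6c533a3164544fa4e6935b179e
+ metadata.gz: b1fdc6834f8e8727e6e7fa0328ddd4193d4a7433f3c020f16eacaa6d63ef61f96b682a7a7e8b34db7e39d28a4554c77373d96467bb3a9cab8b8b00348d4b0fd0
+ data.tar.gz: 96b9a1687308bed7f57317dd66ece9eca69a7d0e2a7544cc8e40861017911d447aa11244daf44d5e3d27620358e80150e117b008c3a7a97b76e633608ff73f31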
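--- a/data/README.md
+++ b/data/README.md
@@ -29,8 +29,13 @@ require 'tainted'
  file = "#{__dir__}/../fixtures/simple.rb"
  lint = Tainted::Lint.new(file, %i[tainted], %i[unsafe])
  lint.analyze
- # Method `unsafe()` consuming tainted variable `d`
- # Method `unsafe()` consuming tainted variable `c`
+ =>
+ [#<Tainted::Offense:0x0000000107caf690
+ @message="Method `unsafe()` consuming tainted variable `d`",
+ @node=(call nil nil (ident "unsafe") (arg_paren (args ((var_ref (ident "d"))))))>,
+ #<Tainted::Offense:0x0000000107caf5f0
+ @message="Method `unsafe()` consuming tainted variable `c`",
+ @node=(call nil nil (ident "unsafe") (arg_paren (args ((var_ref (ident "c"))))))>]
  ```
 
  ## Development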
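--- a/data/lib/tainted/lint.rb
+++ b/data/lib/tainted/lint.rb
@@ -15,7 +15,7 @@ module Tainted
 
  def analyze
  @visitor.visit(SyntaxTree.parse_file(@filepath))
- @visitor.result
+ @visitor.offenses
  end
  end
  end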
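Review bot: `analyze` changes its return value from message strings to `Tainted::Offense` objects with no comment on the method, so a caller that printed or string-matched the old result (a CI gate, say) would stop matching instead of failing loudly. A YARD line above `def analyze`, `# @return [Array<Tainted::Offense>] one offense per sink call that consumes a tainted variable`, would state the new contract. The enclosing class starts outside this hunk, so how `@visitor` is constructed is not visible here.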
@@ -0,0 +1,12 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Tainted
4
+ class Offense
5
+ attr_reader :node, :message
6
+
7
+ def initialize(node, message)
8
+ @node = node
9
+ @message = message
10
+ end
11
+ end
12
+ end
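Review bot: `Offense` keeps the sink name and the tainted variable only inside the formatted `message`, so a consumer that wants to filter or suppress findings has to parse that string or walk `node` itself. Exposing them as fields (for example `attr_reader :node, :message, :sink, :variable`) and adding a `to_s` that returns `message` would also keep `puts lint.analyze` readable, where the README now shows raw object dumps. The class has no doc comment; a line such as `# One finding: the sink call node and a human-readable description.` above `class Offense` would help. The file header for this new file is not shown on the page; the path `lib/tainted/offense.rb` is taken from the metadata file list.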
@@ -2,14 +2,14 @@
2
2
 
3
3
  module Tainted
4
4
  class Static < SyntaxTree::Visitor
5
- attr_reader :result
5
+ attr_reader :offenses
6
6
 
7
7
  def initialize(sources, sinks)
8
8
  super()
9
9
 
10
10
  @sources = sources
11
11
  @sinks = sinks
12
- @result = []
12
+ @offenses = []
13
13
  end
14
14
 
15
15
  def visit(node)
@@ -58,7 +58,7 @@ module Tainted
58
58
  taint_statuses.each do |status|
59
59
  next unless status[1]
60
60
 
61
- @result << "Method `#{method_name}()` consuming tainted variable `#{status[0].value.value}`"
61
+ @offenses << Offense.new(node, "Method `#{method_name}()` consuming tainted variable `#{status[0].value.value}`")
62
62
  end
63
63
  end
64
64
 
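Review bot: `@offenses` is created once in `initialize` and only ever appended to in the second hunk, and `attr_reader :offenses` hands callers that same array. If one `Static` instance visits more than one tree (or `Lint#analyze` runs twice on the same visitor, which cannot be confirmed from these hunks), earlier findings would carry over into the next result and could be reported against the wrong file; a caller mutating the returned array also changes the visitor's state. Either document the visitor as single-use or have the reader return a copy, e.g. `def offenses; @offenses.dup; end`. The method that appends to `@offenses` starts and ends outside the hunk.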
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Tainted
4
- VERSION = "0.2.0"
4
+ VERSION = "0.3.0"
5
5
  end
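--- a/data/lib/tainted.rb
+++ b/data/lib/tainted.rb
@@ -6,6 +6,7 @@ require_relative "tainted/state"
  require_relative "tainted/static"
  require_relative "tainted/lint"
  require_relative "tainted/dataflow"
+ require_relative "tainted/offense"
  require_relative "tainted/version"
 
  module Tainted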
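--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: tainted
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Syed Faraaz Ahmad
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-11-04 00:00:00.000000000 Z
+ date: 2023-11-09 00:00:00.000000000 Z
  dependencies: []
  description:
  email:
@@ -26,6 +26,7 @@ files:
  - lib/tainted.rb
  - lib/tainted/dataflow.rb
  - lib/tainted/lint.rb
+ - lib/tainted/offense.rb
  - lib/tainted/state.rb
  - lib/tainted/static.rb
  - lib/tainted/version.rb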