RubyGems - tainted - Versions diffs - 0.1.0 → 0.2.0 - Mend

tainted 0.1.0 → 0.2.0

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1b26e5de6db90715d8868475b14f828ee951472378e2ab3d751bb36e0ab570a1
-  data.tar.gz: 4e84f893cefc8c37f52b9b353ff80ea3a63eba096f625d6acb2061aefb83d299
+  metadata.gz: 2d61982c033f50c5e79a00dc34ef94fe612400097ef70e2e934d6def3f28cfac
+  data.tar.gz: 55314168a8b4a3026e4c0cf9c9c61adcd277ed306ef656078b29f9930cff8dcd
 SHA512:
-  metadata.gz: 2a73d2e0c62366eb397b64c7f4cd8d78f643ba1179bafa4534664c901cadc683d3b1d375a205024e0716930d17634076de122e36e3f96c2c8f53f0310ac747c9
-  data.tar.gz: f1444e63ab1f1fa2cbb328b19d2676c5eabc5948ae6a4bc7af0167ce08c7dd898ea5ee203629ab30adec04c76d0ed652c1966ff008c4806775d8e4039726aaeb
+  metadata.gz: a211a22a04214a44ddb858930a69af6014f2c18aeb23c86c63ebcfbb8034f6f2da2d2f541088314fed8a0a59eb2a410ea9a9ca9e5527a89bef08e168a60eac5d
+  data.tar.gz: 1da46aac7509d85177687d1b4f1ab06824d6f7e944c2404dfc249cffe17c3cf9eb29b9470ca7914df86b113c8134655ee5a06e6c533a3164544fa4e6935b179e

data/Rakefile CHANGED Viewed

@@ -9,4 +9,4 @@ require "rubocop/rake_task"
 RuboCop::RakeTask.new
-task default: %i[spec rubocop]
+task default: %i[spec]

data/lib/tainted/lint.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Tainted
     def initialize(filepath, sources, sinks)
       @filepath = filepath
-      t = Tainted::DataFlow.new(@filepath)
+      t = DataFlow.new(@filepath)
       t.generate
       var_dependencies = t.tainted
       State.instance.var_dependencies = var_dependencies

data/lib/tainted/static.rb CHANGED Viewed

@@ -4,10 +4,11 @@ module Tainted
   class Static < SyntaxTree::Visitor
     attr_reader :result
-    def initialize(sources, _sinks)
+    def initialize(sources, sinks)
       super()
       @sources = sources
+      @sinks = sinks
       @result = []
     end
@@ -29,10 +30,17 @@ module Tainted
     def parse_assign(node)
       variable_name = node.target.value.value
-      # pp node.value.class
-      return unless node.value.is_a?(SyntaxTree::CallNode)
-      method_name = node.value.message.value
+      method_name =
+        case node.value
+        when SyntaxTree::CallNode
+          node.value.message.value
+        when SyntaxTree::ARef
+          # (aref (vcall (ident "<method_name>")))
+          node.value.collection.value.value
+        end
+      return if method_name.nil?
       return unless @sources.include?(method_name&.to_sym)
       State.instance.var_dependencies[variable_name.to_sym][:tainted] = true
@@ -45,6 +53,8 @@ module Tainted
         arguments.map { |arg| [arg, taint_status(arg.value.value.to_sym)] }
       method_name = node.message.value
+      return unless @sinks.include?(method_name.to_sym)
       taint_statuses.each do |status|
         next unless status[1]

data/lib/tainted/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Tainted
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tainted
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Syed Faraaz Ahmad
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-23 00:00:00.000000000 Z
+date: 2023-11-04 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -23,7 +23,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- fixtures/simple.rb
 - lib/tainted.rb
 - lib/tainted/dataflow.rb
 - lib/tainted/lint.rb

data/fixtures/simple.rb DELETED Viewed

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-a = tainted()
-b = a + 1
-c = b + 2
-d = b + c
-unsafe(d)
-unsafe(c)