PHPAnalysis.Analysis.CFG.Taint.TaintBlockAnalyzer.CheckForSQLVulnerabilities C# (CSharp) Метод

CheckForSQLVulnerabilities() приватный Метод

private CheckForSQLVulnerabilities ( ExpressionInfo expressionInfo, XmlNode node ) : void
expressionInfo ExpressionInfo
node System.Xml.XmlNode
Результат void
        /// <summary>
        /// Records SQL injection findings for an analysed expression in <c>_vulnerabilityStorage</c>.
        /// First, every entry of <c>expressionInfo.ExpressionTaint.SqliTaint</c> whose tag is not
        /// <c>SQLITaint.None</c> is stored as a <c>VulnerabilityInfo</c>. Then, if the value carries a
        /// <c>PossibleStoredTaint</c>, every tagged entry of its SQLi taint sets is stored as a
        /// <c>StoredVulnerabilityInfo</c> of type <c>VulnType.SQL</c>.
        /// </summary>
        /// <param name="expressionInfo">Taint and value information of the expression being checked.</param>
        /// <param name="node">AST node handed to <c>AstNode.GetStartLine</c> for the line number in the message.</param>
        private void CheckForSQLVulnerabilities(ExpressionInfo expressionInfo, XmlNode node)
        {
            // Pass 1: taint that reaches this expression directly.
            foreach (var taintSet in expressionInfo.ExpressionTaint.SqliTaint)
            {
                if (taintSet.TaintTag == SQLITaint.None)
                {
                    continue;
                }

                // NOTE(review): no fallback here when the variable name is null (concatenation yields
                // an empty name), while the stored-taint message below substitutes "???".
                var taintedVariable = taintSet.InitialTaintedVariable;
                var line = AstNode.GetStartLine(node);
                // NOTE(review): Peek() presumably requires a non-empty include stack - confirm callers
                // always push the current file first.
                var file = _analysisStacks.IncludeStack.Peek();
                string report = "SQL vulnerability found on variable: " + taintedVariable +
                                " on line: " + line + " in file: " + file;

                // NOTE(review): the variable name presumably originates from the analysed PHP source;
                // report renderers should treat Message as untrusted text - verify downstream.
                var finding = new VulnerabilityInfo()
                {
                    Message = report,
                    IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
                    CallStack = _analysisStacks.CallStack.ToImmutableStack(),
                };
                _vulnerabilityStorage.AddVulnerability(finding);
            }

            // Pass 2: taint that may have been stored earlier and now flows into this expression.
            var storedTaint = expressionInfo.ValueInfo.PossibleStoredTaint;
            if (storedTaint == null)
            {
                return;
            }

            var taggedStoredSets = storedTaint.Taint.SqliTaint
                                              .Where(taint => taint.TaintTag != SQLITaint.None);
            foreach (var storedSet in taggedStoredSets)
            {
                // The origin of a stored taint may be unknown; "???" keeps the message readable.
                string origin = storedSet.InitialTaintedVariable ?? "???";
                string report = string.Format(
                    "Tainted outgoing reaches sensitive sink: {0} on line: {1} in file: {2}",
                    origin,
                    AstNode.GetStartLine(node),
                    _analysisStacks.IncludeStack.Peek());

                _vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo()
                {
                    Message = report,
                    PossibleStoredVuln = storedTaint,
                    IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
                    CallStack = _analysisStacks.CallStack.ToImmutableStack(),
                    VulnerabilityType = VulnType.SQL
                });
            }
        }