PHPAnalysis.Analysis.CFG.Taint.TaintBlockAnalyzer.CheckForXssVulnerabilities C# (CSharp) Метод

CheckForXssVulnerabilities() приватный Метод

private CheckForXssVulnerabilities ( ExpressionInfo expressionInfo, XmlNode node ) : void
expressionInfo ExpressionInfo
node System.Xml.XmlNode
Результат void
        /// <summary>
        /// Reports XSS findings for an expression in two passes: first for the taint carried by the
        /// expression itself, then for the taint recorded under <c>ValueInfo.PossibleStoredTaint</c>.
        /// Entries tagged <c>XSSTaint.None</c> are ignored in both passes.
        /// </summary>
        /// <param name="expressionInfo">Taint result for the expression under inspection.</param>
        /// <param name="node">AST node of the expression; used here only to look up the reported line.</param>
        /// <remarks>
        /// Presumably invoked when the expression reaches an output sink - verify against the callers.
        /// Each report captures immutable snapshots of the include and call stacks at the time of the finding.
        /// </remarks>
        private void CheckForXssVulnerabilities(ExpressionInfo expressionInfo, XmlNode node)
        {
            // Pass 1: taint attached directly to the expression.
            var directTaints = expressionInfo.ExpressionTaint.XssTaint.Where(entry => entry.TaintTag != XSSTaint.None);
            foreach (var directTaint in directTaints)
            {
                // "???" stands in when the originating variable was not tracked.
                string source = directTaint.InitialTaintedVariable ?? "???";

                // NOTE(review): Peek() presumably needs a non-empty include stack - confirm the analyzer
                // always has the current file pushed before this runs.
                string report = string.Format("XSS vulnerability found on variable: {0} on line: {1} in file: {2}",
                                              source,
                                              AstNode.GetStartLine(node),
                                              _analysisStacks.IncludeStack.Peek());

                // NOTE(review): unlike the stored-taint report below, no vulnerability type is assigned
                // here - confirm downstream consumers can still classify this finding as XSS.
                var finding = new VulnerabilityInfo()
                {
                    Message = report,
                    IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
                    CallStack = _analysisStacks.CallStack.ToImmutableStack()
                };
                _vulnerabilityStorage.AddVulnerability(finding);
            }

            // Pass 2 only applies when the value carries possible stored taint.
            var storedTaint = expressionInfo.ValueInfo.PossibleStoredTaint;
            if (storedTaint == null)
            {
                return;
            }

            // These are filed as *possible* stored vulnerabilities through a separate storage call,
            // together with the stored-taint record itself.
            var storedXssTaints = storedTaint.Taint.XssTaint.Where(entry => entry.TaintTag != XSSTaint.None);
            foreach (var storedEntry in storedXssTaints)
            {
                string source = storedEntry.InitialTaintedVariable ?? "???";
                string report = string.Format("Tainted outgoing reaches sensitive sink: {0} on line: {1} in file: {2}",
                                              source,
                                              AstNode.GetStartLine(node),
                                              _analysisStacks.IncludeStack.Peek());

                _vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo()
                {
                    Message = report,
                    PossibleStoredVuln = storedTaint,
                    IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
                    CallStack = _analysisStacks.CallStack.ToImmutableStack(),
                    VulnerabilityType = VulnType.XSS
                });
            }
        }