private void InsertIntoStoredLocation(ExpressionInfo expressionInfo, XmlNode node)
{
if (expressionInfo.ExpressionStoredTaint != null)
{
if (expressionInfo.ExpressionStoredTaint.ICantFeelIt != IsItInYet.YesItsGoingIn)
{
throw new NotSupportedException("Trying to insert a Stored taint into vulnerabilityStorage, " +
"but is not tagged with in-going store taint");
}
// SQLI
foreach (var possibleVuln in expressionInfo.ExpressionStoredTaint.Taint.SqliTaint)
{
if (possibleVuln.TaintTag != SQLITaint.None)
{
string varName = (possibleVuln.InitialTaintedVariable ?? "???");
string message = "Stored SQLI found - Ingoing: " + varName +
" on line: " + AstNode.GetStartLine(node) + " in file: " + _analysisStacks.IncludeStack.Peek();
_vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo()
{
Message = message,
PossibleStoredVuln = expressionInfo.ExpressionStoredTaint,
IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
CallStack = _analysisStacks.CallStack.ToImmutableStack(),
VulnerabilityType = VulnType.SQL
});
}
}
// XSS
foreach (var possibleVuln in expressionInfo.ExpressionStoredTaint.Taint.XssTaint)
{
if (possibleVuln.TaintTag != XSSTaint.None)
{
string varName = (possibleVuln.InitialTaintedVariable ?? "???");
string message = "Stored XSS found - Ingoing: " + varName +
" on line: " + AstNode.GetStartLine(node) + " in file: " + _analysisStacks.IncludeStack.Peek();
_vulnerabilityStorage.AddPossibleStoredVulnerability(new StoredVulnerabilityInfo()
{
Message = message,
PossibleStoredVuln = expressionInfo.ExpressionStoredTaint,
IncludeStack = _analysisStacks.IncludeStack.ToImmutableStack(),
CallStack = _analysisStacks.CallStack.ToImmutableStack(),
VulnerabilityType = VulnType.XSS
});
}
}
}
}