PHPAnalysis.Analysis.CFG.Taint.TaintBlockAnalyzer.StoredFuncHandler C# (CSharp) Метод

StoredFuncHandler() приватный Метод

private StoredFuncHandler ( ExpressionInfo exprInfo, XmlNode node, List<ExpressionInfo> argInfos ) : ExpressionInfo
exprInfo ExpressionInfo
node System.Xml.XmlNode
argInfos List<ExpressionInfo>
Результат ExpressionInfo
        /// <summary>
        /// Records stored-taint information for a call to a known SQL sink function.
        /// Every argument whose <c>ValueInfo.Value</c> is classified as an SQL insertion statement is
        /// registered as a write to the table named in the statement, carrying the argument's current
        /// taint. Every argument classified as an SQL retrieval statement is marked as a read from the
        /// named table and given the taint set from <c>DefaultTaintProvider.GetTaintedTaintSet()</c>.
        /// </summary>
        /// <param name="exprInfo">Expression info handed back unchanged when the callee is not a known SQL sink.</param>
        /// <param name="node">AST node of the function call; also supplies the start line stored in each record.</param>
        /// <param name="argInfos">Analysis results for the call's arguments.</param>
        /// <returns>
        /// <paramref name="exprInfo"/> when the callee is not an SQL sink; otherwise a new
        /// <see cref="ExpressionInfo"/> whose stored taint is the merge over all examined arguments.
        /// </returns>
        private ExpressionInfo StoredFuncHandler(ExpressionInfo exprInfo, XmlNode node, List<ExpressionInfo> argInfos)
        {
            var merged = new ExpressionInfo();
            var call = new FunctionCallExtractor().ExtractFunctionCall(node);
            var sink = FunctionsHandler.Instance.FindSQLSinkByName(call.Name);

            // Not an SQL sink: nothing to record, pass the incoming expression through.
            if (sink == null)
            {
                return exprInfo;
            }

            // NOTE(review): the two queries below select the sink's sensitive parameters and the
            // matching call arguments, but neither result is read afterwards. The loop walks every
            // entry of argInfos, so the IsSensitive flags do not restrict which arguments get
            // classified. Confirm whether the filter was meant to be applied.
            var sensitiveParams = sink.Parameters.Where(p => p.Value.IsSensitive).ToDictionary(p => p.Key);
            var sensitiveArgs = call.Arguments.Where(a => sensitiveParams.Keys.Any(k => k.Item1 == a.Key));

            foreach (var argInfo in argInfos)
            {
                var current = argInfo;
                var sql = current.ValueInfo.Value;

                // Arguments without a known value are skipped entirely, so a query whose text the
                // analysis could not determine produces no stored-taint record here.
                if (sql == null)
                {
                    continue;
                }

                if (StringAnalysis.IsSQLInsertionStmt(sql))
                {
                    // Write into storage: remember which table receives the argument's current taint.
                    current.ExpressionStoredTaint =
                        new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(sql), AstNode.GetStartLine(node))
                        {
                            Taint = current.ExpressionTaint,
                            ICantFeelIt = IsItInYet.YesItsGoingIn
                        };
                    InsertIntoStoredLocation(current, node);

                    // The record has been handed to InsertIntoStoredLocation; the merge below then
                    // sees a fresh ExpressionInfo rather than the record just written.
                    current = new ExpressionInfo();
                }
                else if (StringAnalysis.IsSQLRetrieveStmt(sql))
                {
                    // Read from storage: the data coming back is given the provider's tainted set.
                    current.ExpressionStoredTaint =
                        new StoredVulnInfo(StringAnalysis.RetrieveSQLTableName(sql), AstNode.GetStartLine(node))
                        {
                            Taint = new DefaultTaintProvider().GetTaintedTaintSet(),
                            ICantFeelIt = IsItInYet.NoImPullingOut
                        };
                    merged.ValueInfo.NestedVariablePossibleStoredDefaultTaintFactory = () => new DefaultTaintProvider().GetTaintedTaintSet();
                }

                merged.ExpressionStoredTaint = merged.ExpressionStoredTaint.Merge(current.ExpressionStoredTaint);
            }

            return merged;
        }