PHPAnalysis.Analysis.CFG.Taint.TaintBlockAnalyzer.StoredMethodHandler C# (CSharp) Метод

        /// <summary>
        /// Taint handling for a method call that may target a registered SQL sink (stored / second-order
        /// SQL data flow). For every distinct class the call can resolve to, the sink's sensitive parameters
        /// are matched against the call's arguments. An argument that evaluates to an SQL INSERT statement
        /// has its taint recorded against the target table; an argument that evaluates to an SQL retrieve
        /// statement marks <paramref name="exprInfo"/> as reading possibly tainted stored data.
        /// </summary>
        /// <param name="exprInfo">Analysis result of the enclosing expression; its stored taint is merged in place.</param>
        /// <param name="node">AST node of the method call, used both to extract the call and as the reported source line.</param>
        /// <returns>The same <paramref name="exprInfo"/> instance after merging.</returns>
        private ExpressionInfo StoredMethodHandler(ExpressionInfo exprInfo, XmlNode node)
        {
            var extractor = new FunctionCallExtractor();
            var call = extractor.ExtractMethodCall(node, this._variableStorage, this._analysisScope);
            var sinkRegistry = FunctionsHandler.Instance;

            foreach (var candidateClass in call.ClassNames.Distinct())
            {
                // The call may resolve to several classes; only those registered as SQL sinks are relevant.
                var sink = sinkRegistry.FindSQLSinkByName(call.CreateFullMethodName(candidateClass));
                if (sink == null)
                {
                    continue;
                }

                // Only the sink's sensitive parameters can carry stored taint; a parameter key's Item1
                // is matched against the argument key to select the corresponding arguments.
                var sensitiveParams = sink.Parameters.Where(x => x.Value.IsSensitive).ToDictionary(pair => pair.Key);
                var sensitiveArgs = call.Arguments.Where(arg => sensitiveParams.Keys.Any(key => key.Item1 == arg.Key));

                foreach (var argument in sensitiveArgs)
                {
                    ExpressionInfo argResult = Analyze(argument.Value);
                    var sqlValue = argResult.ValueInfo.Value;
                    if (sqlValue == null)
                    {
                        // No resolvable value: nothing to classify as INSERT or retrieve.
                        continue;
                    }

                    if (StringAnalysis.IsSQLInsertionStmt(sqlValue))
                    {
                        // Write path: the argument's own taint is recorded against the table it inserts into,
                        // so later reads of that table can be flagged. The taint is handed to the stored
                        // location and a fresh (empty) result is merged below instead of the argument's.
                        argResult.ExpressionStoredTaint = new StoredVulnInfo(
                            StringAnalysis.RetrieveSQLTableName(sqlValue),
                            AstNode.GetStartLine(node))
                        {
                            Taint = argResult.ExpressionTaint,
                            ICantFeelIt = IsItInYet.YesItsGoingIn
                        };
                        InsertIntoStoredLocation(argResult, node);
                        argResult = new ExpressionInfo();
                    }
                    else if (StringAnalysis.IsSQLRetrieveStmt(sqlValue))
                    {
                        // Read path: data coming back from the table is given the provider's tainted set,
                        // and nested variables of the enclosing expression get the same default factory.
                        argResult.ExpressionStoredTaint = new StoredVulnInfo(
                            StringAnalysis.RetrieveSQLTableName(sqlValue),
                            AstNode.GetStartLine(node))
                        {
                            Taint = new DefaultTaintProvider().GetTaintedTaintSet(),
                            ICantFeelIt = IsItInYet.NoImPullingOut
                        };
                        exprInfo.ValueInfo.NestedVariablePossibleStoredDefaultTaintFactory = () => new DefaultTaintProvider().GetTaintedTaintSet();
                    }

                    exprInfo.ExpressionStoredTaint = exprInfo.ExpressionStoredTaint.Merge(argResult.ExpressionStoredTaint);
                }
            }

            return exprInfo;
        }