
feat: add offense class
faraazahmad committed Nov 9, 2023
1 parent b7a980a commit f8b6eee
Showing 7 changed files with 27 additions and 9 deletions.
9 changes: 7 additions & 2 deletions README.md
Expand Up @@ -29,8 +29,13 @@ require 'tainted'
file = "#{__dir__}/../fixtures/simple.rb"
lint = Tainted::Lint.new(file, %i[tainted], %i[unsafe])
lint.analyze
# Method `unsafe()` consuming tainted variable `d`
# Method `unsafe()` consuming tainted variable `c`
=>
[#<Tainted::Offense:0x0000000107caf690
@message="Method `unsafe()` consuming tainted variable `d`",
@node=(call nil nil (ident "unsafe") (arg_paren (args ((var_ref (ident "d"))))))>,
#<Tainted::Offense:0x0000000107caf5f0
@message="Method `unsafe()` consuming tainted variable `c`",
@node=(call nil nil (ident "unsafe") (arg_paren (args ((var_ref (ident "c"))))))>]
```

## Development
1 change: 1 addition & 0 deletions lib/tainted.rb
Expand Up @@ -6,6 +6,7 @@
require_relative "tainted/static"
require_relative "tainted/lint"
require_relative "tainted/dataflow"
require_relative "tainted/offense"
require_relative "tainted/version"

module Tainted
2 changes: 1 addition & 1 deletion lib/tainted/lint.rb
Expand Up @@ -15,7 +15,7 @@ def initialize(filepath, sources, sinks)

def analyze
@visitor.visit(SyntaxTree.parse_file(@filepath))
@visitor.result
@visitor.offenses
end
end
end
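Review bot: `analyze` now returns `Tainted::Offense` objects instead of strings, which breaks anyone consuming the old array, and the method carries no documentation of the new return type; a YARD line such as `# @return [Array<Tainted::Offense>] one offense per sink call that consumes a tainted variable` would make the contract explicit. The visitor's `@offenses` array is created in `Static#initialize` and only ever appended to, so calling `analyze` twice on the same `Lint` appears to report every offense twice; if that is not intended, reset the list before visiting or memoize the result. The `initialize` named in the hunk header starts outside the hunk.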
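--- a/lib/tainted/offense.rb
+++ b/lib/tainted/offense.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Tainted
+class Offense
+attr_reader :node, :message
+
+def initialize(node, message)
+@node = node
+@message = message
+end
+end
+end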
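Review bot: `Offense` has no class or attribute documentation, so a reader cannot tell what `node` holds (the README output shows it is the SyntaxTree call node) or that `message` is already-rendered text. A short header such as `# A finding from the taint analysis: the call node that consumes a tainted variable and a human-readable message describing it.` plus `# @return [SyntaxTree::Node]` and `# @return [String]` on the readers would cover it. Two offenses with the same node and message are also not `==` to each other, which makes them awkward to compare in specs; if the supported Ruby allows it, `Data.define(:node, :message)` gives equality and immutability for free, otherwise define `==`, `eql?` and `hash` together. Consumers triaging a finding will usually want a file and line, so a `line` reader derived from the node's location, if SyntaxTree nodes expose one, would be a natural follow-up now that the node is kept.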
6 changes: 3 additions & 3 deletions lib/tainted/static.rb
Expand Up @@ -2,14 +2,14 @@

module Tainted
class Static < SyntaxTree::Visitor
attr_reader :result
attr_reader :offenses

def initialize(sources, sinks)
super()

@sources = sources
@sinks = sinks
@result = []
@offenses = []
end

def visit(node)
Expand Down Expand Up @@ -58,7 +58,7 @@ def parse_call(node)
taint_statuses.each do |status|
next unless status[1]

@result << "Method `#{method_name}()` consuming tainted variable `#{status[0].value.value}`"
@offenses << Offense.new(node, "Method `#{method_name}()` consuming tainted variable `#{status[0].value.value}`")
end
end

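Review bot: The new `@offenses <<` line in `parse_call` still indexes the status pair positionally (`status[0]`, `status[1]`) and now runs well past 120 columns, which hides the message template; if `taint_statuses` yields two-element pairs, destructuring the block parameters reads better: `taint_statuses.each do |variable, tainted|`, `next unless tainted`, and the existing message built from `variable.value.value` instead of `status[0].value.value`. Since the node now travels with the offense, the message could also be rendered inside `Offense` from the method and variable names rather than pre-formatted here, keeping the wording in one place. `parse_call` begins before this hunk.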
2 changes: 1 addition & 1 deletion lib/tainted/version.rb
@@ -1,5 +1,5 @@
# frozen_string_literal: true

module Tainted
VERSION = "0.2.0"
VERSION = "0.3.0"
end
4 changes: 2 additions & 2 deletions spec/lib/tainted/lint_spec.rb
Expand Up @@ -5,7 +5,7 @@
it "returns a result listing the taint errors" do
file = File.expand_path "#{__dir__}/../../fixtures/simple.rb"
lint = Tainted::Lint.new(file, %i[tainted], %i[unsafe])
result = lint.analyze
result = lint.analyze.map { |offense| offense.message }

expect(result).to eq(
[
Expand All @@ -18,7 +18,7 @@
it "returns issue for sql query from unsanitized param" do
file = File.expand_path "#{__dir__}/../../fixtures/params.rb"
lint = Tainted::Lint.new(file, %i[params], %i[execute])
result = lint.analyze
result = lint.analyze.map { |offense| offense.message }

expect(result).to eq(
[
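Review bot: Both examples in this file map the offenses down to `message` before asserting, so the new `node` attribute this commit introduces is never exercised; at least one example should check it, e.g. `expect(lint.analyze.first.node).to be_a(SyntaxTree::Node)`, or assert on the called method it names. The mapping itself can use symbol-to-proc in both hunks: `result = lint.analyze.map(&:message)`. The `it` blocks continue outside the hunks.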
