Skip to content

Commit 986532a

Browse files
adrianbnadrianbn
committed
128: Stop asking for all chains
1 parent c0ef675 commit 986532a

File tree

1 file changed

+13
-12
lines changed

1 file changed

+13
-12
lines changed

pyt/vulnerabilities/vulnerabilities.py

Lines changed: 13 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -327,38 +327,38 @@ def how_vulnerable(
327327
if current_node in sanitiser_nodes:
328328
vuln_deets['sanitiser'] = current_node
329329
vuln_deets['confident'] = True
330-
return VulnerabilityType.SANITISED
330+
return VulnerabilityType.SANITISED, interactive
331331

332332
if isinstance(current_node, BBorBInode):
333333
if current_node.func_name in blackbox_mapping['propagates']:
334334
continue
335335
elif current_node.func_name in blackbox_mapping['does_not_propagate']:
336-
return VulnerabilityType.FALSE
336+
return VulnerabilityType.FALSE, interactive
337337
elif interactive:
338338
user_says = input(
339-
'Is the return value of {} with tainted argument "{}" vulnerable? ([Y]es/[N]o/[S]top)'.format(
339+
'Is the return value of {} with tainted argument "{}" vulnerable? ([Y]es/[N]o/[S]top asking)'.format(
340340
current_node.label,
341341
chain[i - 1].left_hand_side
342342
)
343343
).lower()
344344
if user_says.startswith('s'):
345345
interactive = False
346346
vuln_deets['unknown_assignment'] = current_node
347-
return VulnerabilityType.UNKNOWN
347+
return VulnerabilityType.UNKNOWN, interactive
348348
if user_says.startswith('n'):
349349
blackbox_mapping['does_not_propagate'].append(current_node.func_name)
350-
return VulnerabilityType.FALSE
350+
return VulnerabilityType.FALSE, interactive
351351
blackbox_mapping['propagates'].append(current_node.func_name)
352352
else:
353353
vuln_deets['unknown_assignment'] = current_node
354-
return VulnerabilityType.UNKNOWN
354+
return VulnerabilityType.UNKNOWN, interactive
355355

356356
if potential_sanitiser:
357357
vuln_deets['sanitiser'] = potential_sanitiser
358358
vuln_deets['confident'] = False
359-
return VulnerabilityType.SANITISED
359+
return VulnerabilityType.SANITISED, interactive
360360

361-
return VulnerabilityType.TRUE
361+
return VulnerabilityType.TRUE, interactive
362362

363363

364364
def get_tainted_node_in_sink_args(
@@ -443,12 +443,13 @@ def get_vulnerability(
443443
cfg.nodes,
444444
lattice
445445
)
446+
446447
for chain in get_vulnerability_chains(
447448
source.cfg_node,
448449
sink.cfg_node,
449450
def_use
450451
):
451-
vulnerability_type = how_vulnerable(
452+
vulnerability_type, interactive = how_vulnerable(
452453
chain,
453454
blackbox_mapping,
454455
sanitiser_nodes,
@@ -462,9 +463,9 @@ def get_vulnerability(
462463

463464
vuln_deets['reassignment_nodes'] = chain
464465

465-
return vuln_factory(vulnerability_type)(**vuln_deets)
466+
return vuln_factory(vulnerability_type)(**vuln_deets), interactive
466467

467-
return None
468+
return None, interactive
468469

469470

470471
def find_vulnerabilities_in_cfg(
@@ -495,7 +496,7 @@ def find_vulnerabilities_in_cfg(
495496
)
496497
for sink in triggers.sinks:
497498
for source in triggers.sources:
498-
vulnerability = get_vulnerability(
499+
vulnerability, interactive = get_vulnerability(
499500
source,
500501
sink,
501502
triggers,

0 commit comments

Comments
 (0)