Taint analysis: Updated to add remarks for issues that require verification [Issue #209]
1 parent 4f45260 commit 2f06e913b14e4e5725bbc1f38663bf1994b0e745 @Zapotek Zapotek committed Jan 22, 2013
2 CHANGELOG.md
@@ -53,6 +53,8 @@
suboptimal state of the server while the issue was identified.
- Discovery: Updated to add a remark to affected issues about the
extreme similarities between issues of similar type.
+- Analysis techniques
+ - Taint -- Updated to add remarks for issues that require verification.
- Modules
- General
- Updated module names along with some descriptions and issue names.
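Review bot: The new changelog entry under "Analysis techniques" carries no issue reference, while the commit message cites Issue #209; adding that reference to the `Taint -- Updated to add remarks ...` line keeps the changelog traceable to the tracker the way the commit is.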
7 lib/arachni/element/capabilities/auditable/taint.rb
@@ -52,6 +52,9 @@ module Auditable::Taint
ignore: nil
}
+ REMARK = "This issue was identified by a pattern but the pattern matched " +
+ "the page's response body even before auditing the logged element."
+
#
# Performs taint analysis and logs an issue should there be one.
#
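Review bot: `REMARK` is a mutable string built with `+` at load time and is later placed into the `opts[:remarks]` hashes that travel with each logged issue, so a consumer that edits the remark in place would change the shared constant; appending `.freeze` to the constant definition rules that out. The text itself is clear, though stating that the pre-existing match means the finding may be a false positive would make explicit why verification is required.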
@@ -90,6 +93,8 @@ def match_substring_and_log( substring, res, opts )
opts[:verification] = @auditor.page && @auditor.page.body &&
@auditor.page.body.include?( substring )
+ opts[:remarks] = { auditor: [REMARK] } if opts[:verification]
+
if res.body.include?( substring ) && !ignore?( res, opts )
opts[:regexp] = opts[:id] = opts[:match] = substring.dup
@auditor.log( opts, res )
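Review bot: `opts[:remarks] = { auditor: [REMARK] } if opts[:verification]` assigns a fresh hash, so any remarks a caller already attached to `opts` before calling `match_substring_and_log` are silently dropped on the verification path. Merging keeps both, for example `(opts[:remarks] ||= {})[:auditor] ||= []` followed by `opts[:remarks][:auditor] << REMARK`, under the same `if opts[:verification]` guard.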
@@ -105,6 +110,8 @@ def match_regexp_and_log( regexp, res, opts )
# An annoying encoding exception may be thrown when matching the regexp.
opts[:verification] = (@auditor.page && @auditor.page.body.to_s =~ regexp) rescue false
+ opts[:remarks] = { auditor: [REMARK] } if opts[:verification]
+
# fairly obscure condition...pardon me...
if ( opts[:match] && match_data == opts[:match] ) ||
( !opts[:match] && match_data && match_data.size > 0 )
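Review bot: The same overwrite concern as in `match_substring_and_log` applies here, and the two added lines are verbatim copies of the ones there; a small private helper (say `add_verification_remark( opts )`, a hypothetical name) called from both methods would keep the two paths from drifting apart. Note that the `rescue false` modifier on the preceding line only wraps the verification expression, so the remark assignment correctly sits outside its scope; preserve that if the helper is introduced.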
18 spec/arachni/element/capabilities/auditable/taint_spec.rb
@@ -83,7 +83,7 @@
end
context 'when the page matches the regexp even before we audit it' do
- it 'should flag the issue as requiring manual verification' do
+ it 'should flag the issue as requiring manual verification and add a remark' do
seed = 'Inject here'
@positive.taint_analysis( 'Inject here',
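Review bot: Minor: `seed` is assigned on the line above but the literal `'Inject here'` is passed to `taint_analysis` again; passing `seed` avoids the two values drifting apart, since the assertion further down compares `issue.injected` against `seed`.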
@@ -92,8 +92,12 @@
)
@auditor.http.run
issues.size.should == 1
- issues.first.injected.should == seed
- issues.first.verification.should be_true
+
+ issue = issues.first
+
+ issue.injected.should == seed
+ issue.verification.should be_true
+ issue.remarks[:auditor].should be_any
end
end
end
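Review bot: `issue.remarks[:auditor].should be_any` only checks that some element is present (an empty string would satisfy it); asserting the content, e.g. `issue.remarks[:auditor].should include(Auditable::Taint::REMARK)`, pins down that it is the verification remark that gets attached.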
@@ -120,8 +124,12 @@
)
@auditor.http.run
issues.size.should == 1
- issues.first.injected.should == seed
- issues.first.verification.should be_true
+
+ issue = issues.first
+
+ issue.injected.should == seed
+ issue.verification.should be_true
+ issue.remarks[:auditor].should be_any
end
end
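Review bot: These assertion lines duplicate the block in the regexp context above exactly; an RSpec shared example for the "requires manual verification" expectations, used by both contexts via `it_behaves_like`, would remove the copy and keep the two in step. The same point about asserting the remark text rather than only `be_any` applies here.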
