Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Reuse tainted objects
Browse files Browse the repository at this point in the history
e-n-0 committed Mar 4, 2024
1 parent cc0d750 commit 5aafa71
Showing 1 changed file with 5 additions and 6 deletions.
Original file line number Diff line number Diff line change
@@ -54,7 +54,7 @@ public class JavaScriptSerializerAspects
return result;
}

TaintObject(result);
TaintObject(result, taintedObjects);
}
catch (Exception ex)
{
@@ -64,27 +64,26 @@ public class JavaScriptSerializerAspects
return result;
}

private static void TaintObject(object obj)
private static void TaintObject(object obj, TaintedObjects taintedObjects)
{
switch (obj)
{
case string str:
var taintedObjects = IastModule.GetIastContext()?.GetTaintedObjects();
taintedObjects?.Taint(obj, [new Range(0, str.Length)]);
taintedObjects.Taint(obj, [new Range(0, str.Length)]);
break;

case Dictionary<string, object> objects:
foreach (var item in objects)
{
TaintObject(item.Value);
TaintObject(item.Value, taintedObjects);
}

break;

case object[] objects:
foreach (var item in objects)
{
TaintObject(item);
TaintObject(item, taintedObjects);
}

break;

0 comments on commit 5aafa71

Please sign in to comment.