Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use var instead of let (Closes #5) #6

Merged
merged 1 commit into from
Sep 10, 2024
Merged

Use var instead of let (Closes #5) #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions example/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,9 +178,9 @@ module.exports = function f(source) {
return exec(source);
};

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let source = [ esl_symbolic.string("source0") ];
var source = [ esl_symbolic.string("source0") ];
module.exports(source);
```
2 changes: 1 addition & 1 deletion src/instrumentation/vuln_literal.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ and pp_obj_props map fmt props =
and pp_params_as_decl map fmt (params : (string * param_type) list) =
pp_print_list
~pp_sep:(fun fmt () -> fprintf fmt ";@\n")
(pp_param map "@[<hov 2>let %s =@ %a@]")
(pp_param map "@[<hov 2>var %s =@ %a@]")
fmt params

let pp_params_as_args fmt (args : (string * 'a) list) =
Expand Down
6 changes: 3 additions & 3 deletions src/instrumentation/vuln_symbolic.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,13 @@ open Format
open Vuln_intf

let template0 : ('a, Format.formatter, unit) format =
"let esl_symbolic = require(\"esl_symbolic\");@\n\
"var esl_symbolic = require(\"esl_symbolic\");@\n\
esl_symbolic.sealProperties(Object.prototype);@\n\
// Vuln: %a@\n\
%a"

let template1 : ('a, Format.formatter, unit) format =
"let esl_symbolic = require(\"esl_symbolic\");@\n\
"var esl_symbolic = require(\"esl_symbolic\");@\n\
// Vuln: %a@\n\
%a@\n\
if (({}).toString == \"polluted\") { throw Error(\"I pollute.\"); }"
Expand Down Expand Up @@ -69,7 +69,7 @@ and pp_obj_props fmt props =
and pp_params_as_decl fmt (params : (string * param_type) list) =
pp_print_list
~pp_sep:(fun fmt () -> fprintf fmt ";@\n")
(pp_param "@[<hov 2>let %s =@ %a@]")
(pp_param "@[<hov 2>var %s =@ %a@]")
fmt params

let pp_params_as_args fmt (args : (string * 'a) list) =
Expand Down
2 changes: 1 addition & 1 deletion test/instrumentation/test_literal.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@
}

// Vuln: command-injection
let some_arg = "sou um valor concreto!";
var some_arg = "sou um valor concreto!";
module.exports(some_arg);
26 changes: 13 additions & 13 deletions test/instrumentation/test_toy.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@ Test toy examples:
return exec(x);
};

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let x = esl_symbolic.string("x");
var x = esl_symbolic.string("x");
module.exports(x);
$ instrumentation2 symbolic toy/vfunretbyexport.json -o -
Genrating -
Expand All @@ -23,12 +23,12 @@ Test toy examples:
};
};

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: code-injection
let a = esl_symbolic.string("a");
var a = esl_symbolic.string("a");
var ret_f1 = f1(a);
let b = esl_symbolic.number("b");
var b = esl_symbolic.number("b");
ret_f1(b);
function f1(a) {
return function f2(b) {
Expand All @@ -38,12 +38,12 @@ Test toy examples:
};
};

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: code-injection
let a = esl_symbolic.string("a");
var a = esl_symbolic.string("a");
var ret_f1 = f1(a);
let b = esl_symbolic.number("b");
var b = esl_symbolic.number("b");
ret_f1(b);
$ instrumentation2 symbolic toy/vfunpropofexportedobj.json toy/vfunpropofexportedobj.js -o -
Genrating -
Expand All @@ -61,12 +61,12 @@ Test toy examples:

module.exports.Obj = Obj;

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: code-injection
let source = esl_symbolic.string("source");
var source = esl_symbolic.string("source");
var ret_module_exports_Obj = module.exports.Obj(source);
let obj = { cond: esl_symbolic.number("cond") };
var obj = { cond: esl_symbolic.number("cond") };
ret_module_exports_Obj.f(obj);
$ instrumentation2 symbolic toy/example-20.json toy/example-20.js -o -
Genrating -
Expand All @@ -80,9 +80,9 @@ Test toy examples:
return eval(target);
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: code-injection
let x = esl_symbolic.string("x");
var x = esl_symbolic.string("x");
f(x);
eval_target();
60 changes: 30 additions & 30 deletions test/instrumentation/test_unit.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,32 +5,32 @@ Test unit:
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.any("some_arg");
var some_arg = esl_symbolic.any("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/array.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = [ esl_symbolic.string("some_arg0") ];
var some_arg = [ esl_symbolic.string("some_arg0") ];
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/array2.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg =
var some_arg =
[ esl_symbolic.string("some_arg0"), esl_symbolic.boolean("some_arg1"), esl_symbolic.number("some_arg2") ];
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/bool.json unit/identity.js
Expand All @@ -39,64 +39,64 @@ Test unit:
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.boolean("some_arg");
var some_arg = esl_symbolic.boolean("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/function.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.function("some_arg");
var some_arg = esl_symbolic.function("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/lazy_object.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: path-traversal
let some_arg = esl_symbolic.lazy_object();
var some_arg = esl_symbolic.lazy_object();
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/number.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.number("some_arg");
var some_arg = esl_symbolic.number("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/object.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = { };
var some_arg = { };
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/polluted_object2.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
// Vuln: prototype-pollution
let some_arg = esl_symbolic.polluted_object(2);
var some_arg = esl_symbolic.polluted_object(2);
module.exports(some_arg);
if (({}).toString == "polluted") { throw Error("I pollute."); }
$ instrumentation2 symbolic -o - unit/polluted_object3.json unit/identity.js
Expand All @@ -105,9 +105,9 @@ Test unit:
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
// Vuln: prototype-pollution
let some_arg = esl_symbolic.polluted_object(3);
var some_arg = esl_symbolic.polluted_object(3);
module.exports(some_arg);
if (({}).toString == "polluted") { throw Error("I pollute."); }
$ instrumentation2 symbolic -o - unit/string.json unit/identity.js
Expand All @@ -116,10 +116,10 @@ Test unit:
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.string("some_arg");
var some_arg = esl_symbolic.string("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/union.json unit/identity.js
Genrating -
Expand All @@ -129,37 +129,37 @@ Test unit:
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.string("some_arg");
var some_arg = esl_symbolic.string("some_arg");
module.exports(some_arg);
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.boolean("some_arg");
var some_arg = esl_symbolic.boolean("some_arg");
module.exports(some_arg);
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let some_arg = esl_symbolic.number("some_arg");
var some_arg = esl_symbolic.number("some_arg");
module.exports(some_arg);
$ instrumentation2 symbolic -o - unit/dynamic.json unit/identity.js
Genrating -
module.exports = function identity(some_arg) {
return some_arg
}

let esl_symbolic = require("esl_symbolic");
var esl_symbolic = require("esl_symbolic");
esl_symbolic.sealProperties(Object.prototype);
// Vuln: command-injection
let obj = { dp0: esl_symbolic.any("dp0") };
var obj = { dp0: esl_symbolic.any("dp0") };
module.exports(obj);
Loading