@@ -353,20 +353,17 @@ impl<'cx> Runner<'cx> for PrototypePollutionChecker {
353353 curr_state : & Self :: State ,
354354 ) -> ControlFlow < ( ) , Self :: State > {
355355 for inst in & block. insts {
356- if let Inst :: Assign ( l, _r) = inst {
357- if let [
356+ if let Inst :: Assign ( l, _r) = inst
357+ && let [
358358 Projection :: Computed ( Base :: Var ( fst) ) ,
359359 Projection :: Computed ( Base :: Var ( snd) ) ,
360360 ..,
361361 ] = * l. projections
362- {
363- if curr_state. get ( fst. 0 as usize ) . copied ( ) == Some ( Taint :: Yes )
364- && curr_state. get ( snd. 0 as usize ) . copied ( ) == Some ( Taint :: Yes )
365- {
366- info ! ( "Prototype pollution vuln detected" ) ;
367- return ControlFlow :: Break ( ( ) ) ;
368- }
369- }
362+ && curr_state. get ( fst. 0 as usize ) . copied ( ) == Some ( Taint :: Yes )
363+ && curr_state. get ( snd. 0 as usize ) . copied ( ) == Some ( Taint :: Yes )
364+ {
365+ info ! ( "Prototype pollution vuln detected" ) ;
366+ return ControlFlow :: Break ( ( ) ) ;
370367 }
371368 }
372369 ControlFlow :: Continue ( curr_state. clone ( ) )
@@ -1083,27 +1080,25 @@ impl<'cx> Dataflow<'cx> for PermissionDataflow {
10831080 ) ;
10841081 } else if let Some ( VarKind :: GlobalRef ( def) ) =
10851082 interp. body ( ) . vars . get ( varid)
1086- {
1087- if let Some ( value @ Value :: Const ( _) ) =
1083+ && let Some ( value @ Value :: Const ( _) ) =
10881084 interp. value_manager . defid_to_value . get ( def)
1089- {
1090- add_elements_to_intrinsic_struct (
1091- value,
1092- intrinsic_argument. first_arg . insert ( vec ! [ ] ) ,
1093- ) ;
1094- }
1085+ {
1086+ add_elements_to_intrinsic_struct (
1087+ value,
1088+ intrinsic_argument. first_arg . insert ( vec ! [ ] ) ,
1089+ ) ;
10951090 }
10961091 }
10971092 }
10981093 }
10991094 }
1100- if let Some ( Operand :: Var ( variable) ) = second {
1101- if let Base :: Var ( varid) = variable. base {
1102- let mut method_vec = ProjectionVec :: new ( ) ;
1103- method_vec . push ( Projection :: Known ( "method" . into ( ) ) ) ;
1104- if let Some ( value ) = interp . get_value ( _def , varid , Some ( method_vec ) ) {
1105- self . handle_second_arg ( value , & mut intrinsic_argument ) ;
1106- }
1095+ if let Some ( Operand :: Var ( variable) ) = second
1096+ && let Base :: Var ( varid) = variable. base
1097+ {
1098+ let mut method_vec = ProjectionVec :: new ( ) ;
1099+ method_vec . push ( Projection :: Known ( "method" . into ( ) ) ) ;
1100+ if let Some ( value ) = interp . get_value ( _def , varid , Some ( method_vec ) ) {
1101+ self . handle_second_arg ( value , & mut intrinsic_argument ) ;
11071102 }
11081103 }
11091104
@@ -1472,42 +1467,40 @@ impl<'cx> Dataflow<'cx> for DefinitionAnalysisRunner {
14721467 // this piece is definition analysis largely for global variables since they are not assigned a VarId, so we use the DefId
14731468 match rvalue {
14741469 Rvalue :: Call ( Operand :: Var ( variable) , _) => {
1475- if let Base :: Var ( varid) = variable. base {
1476- if let Some ( VarKind :: GlobalRef ( defid) ) = interp. body ( ) . vars . get ( varid) {
1477- if let Base :: Var ( varid_to_assign) = var. base {
1478- interp
1479- . value_manager
1480- . expected_return_values
1481- . insert ( * defid, ( def, varid_to_assign) ) ;
1482- }
1483- }
1470+ if let Base :: Var ( varid) = variable. base
1471+ && let Some ( VarKind :: GlobalRef ( defid) ) = interp. body ( ) . vars . get ( varid)
1472+ && let Base :: Var ( varid_to_assign) = var. base
1473+ {
1474+ interp
1475+ . value_manager
1476+ . expected_return_values
1477+ . insert ( * defid, ( def, varid_to_assign) ) ;
14841478 }
14851479 }
14861480 Rvalue :: Read ( _operand) => {
1487- if let Rvalue :: Read ( Operand :: Lit ( Literal :: Str ( str) ) ) = rvalue {
1488- if let Base :: Var ( varid) = var. base {
1489- if let Some ( VarKind :: GlobalRef ( def) ) = interp. body ( ) . vars . get ( varid)
1490- {
1491- interp. value_manager . defid_to_value . insert (
1492- * def,
1493- Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ,
1494- ) ;
1495- } else if let Some ( VarKind :: LocalDef ( def) ) =
1496- interp. body ( ) . vars . get ( varid)
1497- {
1498- interp. value_manager . defid_to_value . insert (
1499- * def,
1500- Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ,
1501- ) ;
1502- } else if let Some ( & VarKind :: Temp {
1503- parent : Some ( defid_parent) ,
1504- } ) = interp. body ( ) . vars . get ( varid)
1505- {
1506- interp. value_manager . defid_to_value . insert (
1507- defid_parent,
1508- Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ,
1509- ) ;
1510- }
1481+ if let Rvalue :: Read ( Operand :: Lit ( Literal :: Str ( str) ) ) = rvalue
1482+ && let Base :: Var ( varid) = var. base
1483+ {
1484+ if let Some ( VarKind :: GlobalRef ( def) ) = interp. body ( ) . vars . get ( varid) {
1485+ interp
1486+ . value_manager
1487+ . defid_to_value
1488+ . insert ( * def, Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ) ;
1489+ } else if let Some ( VarKind :: LocalDef ( def) ) =
1490+ interp. body ( ) . vars . get ( varid)
1491+ {
1492+ interp
1493+ . value_manager
1494+ . defid_to_value
1495+ . insert ( * def, Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ) ;
1496+ } else if let Some ( & VarKind :: Temp {
1497+ parent : Some ( defid_parent) ,
1498+ } ) = interp. body ( ) . vars . get ( varid)
1499+ {
1500+ interp. value_manager . defid_to_value . insert (
1501+ defid_parent,
1502+ Value :: Const ( Const :: Literal ( str. to_string ( ) ) ) ,
1503+ ) ;
15111504 }
15121505 }
15131506 /* should be expanded to include all cases ... */
@@ -1536,31 +1529,31 @@ impl<'cx> Dataflow<'cx> for DefinitionAnalysisRunner {
15361529 let mut args = args. clone ( ) ;
15371530 args. reverse ( ) ;
15381531 for ( varid, varkind) in function_var. iter_enumerated ( ) {
1539- if let VarKind :: GlobalRef ( _) = varkind {
1540- if let Some ( operand) = args. pop ( ) {
1541- interp . add_value ( def , varid , operand . clone ( ) ) ;
1542- interp
1543- . body ( )
1544- . vars
1545- . iter_enumerated ( )
1546- . for_each ( | ( varid_alt , varkind_alt ) | {
1547- let defult_projections = Variable :: from ( varid_alt) ;
1548-
1549- if let ( Some ( defid_alt ) , Some ( defid ) ) = (
1550- get_defid_from_varkind ( varkind_alt ) ,
1551- get_defid_from_varkind ( varkind ) ,
1552- ) {
1553- if defid == defid_alt && varid_alt != varid {
1554- interp . add_value_with_projection (
1555- def ,
1556- varid_alt ,
1557- operand . clone ( ) ,
1558- defult_projections . projections ,
1559- ) ;
1560- }
1561- }
1562- } )
1563- }
1532+ if let VarKind :: GlobalRef ( _) = varkind
1533+ && let Some ( operand) = args. pop ( )
1534+ {
1535+ interp . add_value ( def , varid , operand . clone ( ) ) ;
1536+ interp
1537+ . body ( )
1538+ . vars
1539+ . iter_enumerated ( )
1540+ . for_each ( | ( varid_alt, varkind_alt ) | {
1541+ let defult_projections = Variable :: from ( varid_alt ) ;
1542+
1543+ if let ( Some ( defid_alt ) , Some ( defid ) ) = (
1544+ get_defid_from_varkind ( varkind_alt ) ,
1545+ get_defid_from_varkind ( varkind ) ,
1546+ ) && defid == defid_alt
1547+ && varid_alt != varid
1548+ {
1549+ interp . add_value_with_projection (
1550+ def ,
1551+ varid_alt ,
1552+ operand . clone ( ) ,
1553+ defult_projections . projections ,
1554+ ) ;
1555+ }
1556+ } )
15641557 }
15651558 }
15661559 }
@@ -1571,14 +1564,12 @@ impl<'cx> Dataflow<'cx> for DefinitionAnalysisRunner {
15711564 }
15721565
15731566 for ( varid, varkind) in interp. body ( ) . vars . clone ( ) . iter_enumerated ( ) {
1574- if & VarKind :: Ret == varkind {
1575- if let Some ( ( defid_calling_func, varid_calling_func) ) =
1567+ if & VarKind :: Ret == varkind
1568+ && let Some ( ( defid_calling_func, varid_calling_func) ) =
15761569 interp. value_manager . expected_return_values . get ( & def)
1577- {
1578- if let Some ( value) = interp. get_value ( def, varid, None ) {
1579- interp. add_value ( * defid_calling_func, * varid_calling_func, value. clone ( ) ) ;
1580- }
1581- }
1570+ && let Some ( value) = interp. get_value ( def, varid, None )
1571+ {
1572+ interp. add_value ( * defid_calling_func, * varid_calling_func, value. clone ( ) ) ;
15821573 }
15831574 }
15841575
0 commit comments