
X-Taint Header does not expect or accept compliant JSON #324

@leeN

The X-Taint Header looks like it is JSON, i.e., `X-Taint: [{ begin: 4, end: 8, source: "e2e" }, { begin: 17, end: 20, source: "e2e" }]`, but it has a key difference from real JSON. It only accepts unquoted keys, i.e., `JSON.stringify(taints)` will not produce a valid value for the X-Taint header.

A helper function to transform it into the pseudo JSON is, e.g., the following:

```js
// Format one taint range as `{ begin: N, end: M, source: "S" }` with unquoted keys.
// All three keys are required; a missing key throws.
function formatXTaintEntry(taint) {
  let entries = [];
  if(Object.hasOwn(taint, "begin")) {
    entries.push(`begin: ${taint.begin}`);
  } else {
    throw new Error("Missing begin key");
  }
  if(Object.hasOwn(taint, "end")) {
    entries.push(`end: ${taint.end}`);
  } else {
    throw new Error("Missing end key");
  }
  if(Object.hasOwn(taint, "source")) {
    // The source value is interpolated as-is; a `"` inside it is not escaped.
    entries.push(`source: "${taint.source}"`);
  } else {
    throw new Error("Missing source key");
  }
  return `{ ${entries.join(", ")} }`;
}

// Format a list of taint ranges as the bracketed, comma-separated header value.
function formatXTaint(taints) {
  let xtaint_entries = [];
  for(const taint of taints) {
    xtaint_entries.push(formatXTaintEntry(taint));
  }
  return `[${xtaint_entries.join(", ")}]`;
}
```

This is just an inconvenience, but I plan to resolve this by changing the parser for Taint Ranges to accept either format after submission of my dissertation. As I am currently probably the only user of this feature, and this should remain backwards compatible if someone adopts it, this should only make life easier for any user.
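A sketch of a parser that accepts either format, added here as an example and not taken from the issue author or the project. The names `parseXTaint` and `quoteBareKeys` are hypothetical, and the unquoted-key grammar is assumed from the header sample above; the range checks (non-negative integers, `end >= begin`) are also assumptions.

```javascript
// Added example: tolerant X-Taint parser. Grammar is inferred from the header
// sample in the issue, not taken from the project's parser.
function quoteBareKeys(text) {
  let out = "";
  let i = 0;
  while (i < text.length) {
    const ch = text[i];
    if (ch === '"') {
      // Copy a string literal verbatim so key-like text inside it is untouched.
      let j = i + 1;
      while (j < text.length && text[j] !== '"') {
        j += text[j] === "\\" ? 2 : 1;
      }
      out += text.slice(i, j + 1);
      i = j + 1;
    } else if (/[A-Za-z_]/.test(ch)) {
      // Read an identifier; quote it only when a colon follows (it is a key).
      let j = i;
      while (j < text.length && /\w/.test(text[j])) j++;
      const word = text.slice(i, j);
      out += /^\s*:/.test(text.slice(j)) ? `"${word}"` : word;
      i = j;
    } else {
      out += ch;
      i++;
    }
  }
  return out;
}

function parseXTaint(value) {
  let parsed;
  try {
    parsed = JSON.parse(value); // compliant JSON, e.g. JSON.stringify output
  } catch {
    parsed = JSON.parse(quoteBareKeys(value)); // unquoted-key form from the issue
  }
  if (!Array.isArray(parsed)) throw new TypeError("X-Taint must be an array");
  // Validate every entry and drop unknown keys before the ranges are used.
  return parsed.map(({ begin, end, source }) => {
    if (!Number.isInteger(begin) || !Number.isInteger(end) || begin < 0 || end < begin) {
      throw new RangeError("invalid taint range");
    }
    if (typeof source !== "string") throw new TypeError("source must be a string");
    return { begin, end, source };
  });
}
```

Trying strict JSON first keeps the fallback off the path for compliant input, and both paths go through the same validation.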
