generated from SAP/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 23
Open
Labels
end-to-end taintingenhancementNew feature or requestNew feature or requestgood first issueGood for newcomersGood for newcomersrefactoringImproving Foxhound code qualityImproving Foxhound code quality
Description
The X-Taint Header looks like it is JSON, i.e., X-Taint: [{ begin: 4, end: 8, source: "e2e" }, { begin: 17, end: 20, source: "e2e" }] but it has a key difference to real JSON. It only accepts unquoted keys, i.e., JSON.stringify(taints) will not produce a valid value for the X-Taint header.
A helper function to transform it into the pseudo JSON is, e.g., the following:
function formatXTaintEntry(taint) {
let entries = [];
if(Object.hasOwn(taint, "begin")) {
entries.push(`begin: ${taint.begin}`);
} else {
throw new Error("Missing begin key");
}
if(Object.hasOwn(taint, "end")) {
entries.push(`end: ${taint.end}`);
} else {
throw new Error("Missing end key");
}
if(Object.hasOwn(taint, "source")) {
entries.push(`source: "${taint.source}"`);
} else {
throw new Error("Missing source key");
}
return `{ ${entries.join(", ")} }`;
}
function formatXTaint(taints) {
let xtaint_entries = [];
for(const taint of taints) {
xtaint_entries.push(formatXTaintEntry(taint));
}
return `[${xtaint_entries.join(", ")}]`;
}This is just an inconvenience, but I plan to resolve this by changing the parser for Taint Ranges to accept either format after submission of my dissertation. As I am currently probably the only user of this feature, and this should remain backwards compatible if someone adopts it, this should only make life easier for any user.
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
end-to-end taintingenhancementNew feature or requestNew feature or requestgood first issueGood for newcomersGood for newcomersrefactoringImproving Foxhound code qualityImproving Foxhound code quality