int main ( int argc, char* argv[] ) {
int ret;
state_t *state;
int argptr =1;
if(argc > 0){
if(strcmp(argv[1], "-d") == 0){
debug_eval(1);
argptr++;
} else {
debug_eval(0);
}
yyin = fopen(argv[argptr], "r");
} else
yyin = stdin;
inityylex();
ret = yyparse();
if( (ret == 0) && (numerrors == 0)){
state = (state_t *)malloc(sizeof(state_t));
state->tbl = NULL;
state->mem = NULL;
eval_stmts(program, state);
return 0;
} else {
return -1;
}
};
state_t* eval_stmts(ast_t *p, state_t *state)
{
ast_list_t *stmts;
ast_list_t *ip;
ast_t *t1, *t2;
ast_t *s;
value_t v;
assert(p != NULL);
assert(p->info.node.tag == SEQ);
ip = p->info.node.arguments;
while(ip != NULL)
{
s = ip->elem;
value_t e1;
switch(s->info.node.tag){
case ASSIGN:
/* the lhs */
t1 = s->info.node.arguments->elem;
/* the rhs */
t2 = s->info.node.arguments->next->elem;
v = eval_exp(t2, state->tbl, state->mem);
switch(t1->tag){
case var_ast:
state->tbl = update_var(t1->info.string, v, state->tbl);
break;
case node_ast:
assert(t1->info.node.tag == MEM);
is_first_eval = 0;
state->mem = store(eval_exp(t1->info.node.arguments->elem, state->tbl, state->mem).value, v, state->mem);
eval_exp(t2, state->tbl, state->mem);
is_first_eval = 0;
break;
default:
assert(0);
}
break;
case PRINT:
switch(s->info.node.arguments->elem->tag){
case str_ast:
printf("%s\n", s->info.node.arguments->elem->info.string);
fprintf(stderr, "Tainted variable: None\n");
break;
default:
e1 = eval_exp(s->info.node.arguments->elem,
state->tbl,
state->mem);
if (e1.taint) {
fprintf(stderr,"%s", "Tainted variable: ");
is_first_taint = 1;
arithmetic_check(s->info.node.arguments->elem, state);
fprintf(stderr,"\n");
printf("%s\n", "<secret>");
}
else {
fprintf(stderr,"%s\n","Tainted variable: None");
printf("%u\n", e1.value);
}
break;
}
break;
case IF:
//control-flow taint shall NOT be tracked, so no changes here
if(eval_exp(s->info.node.arguments->elem, state->tbl, state->mem).value){
state = eval_stmts(s->info.node.arguments->next->elem, state);
} else {
state = eval_stmts(s->info.node.arguments->next->next->elem, state);
}
break;
case SEQ:
state = eval_stmts(s->info.node.arguments->next->elem, state);
break;
case ASSERT:
if(eval_exp(s->info.node.arguments->elem, state->tbl,state->mem).value ==0){
printf("Assert failed!\n");
}
break;
default:
printf("Unknown statement type\n");
assert(0);
break;
}
is_first_eval = 1;
ip = ip->next;
}
return state;
}
state_t* eval_stmts(ast_t *p, state_t *state)
{
ast_list_t *stmts;
ast_list_t *ip;
ast_t *t1, *t2;
ast_t *s;
value_t v;
int just_tainted = 0;
int i;
assert(p != NULL);
assert(p->info.node.tag == SEQ);
ip = p->info.node.arguments;
while(ip != NULL)
{
s = ip->elem;
switch(s->info.node.tag){
case ASSIGN:
printf("\nthis is ASSIGN\n");
/* the lhs */
t1 = s->info.node.arguments->elem;
/* the rhs */
t2 = s->info.node.arguments->next->elem;
v = eval_exp(t2, state->tbl, state->mem);
switch(t1->tag){
case var_ast:
printf("\n var ast horela.");
state->tbl = update_var(t1->info.string, v, state->tbl);// check is tf == 1=>add tbl->name & reset tf= 0
printf("\n var ast ke baad tbl name : %s",state->tbl->name);
if(tf==1){
printf("\nVal od type = %d",type);
printf("\nTainted. Adding this up! : %s\n",state->tbl->name);
add_var(state->tbl->name);
printf("\nAdded Taint! %s \n",state->tbl->name);
tf = 0;
just_tainted = 1;
tvar_index = 0;
type = 0;
}
if(constant_check == 1 && just_tainted == 0){
printf("\n constant present...\n");
printf("\nvariable name is ..%s\n",state->tbl->name);
if(check_tain_var(state->tbl->name)){
printf("\n removing taint!\n\n");
remove_taint_var(state->tbl->name);
printf("\nremoved!\n");
constant_check = 0;
type = 0;
}
}
just_tainted = 0;
break;
case node_ast:
printf("\nMemo horela. ");
assert(t1->info.node.tag == MEM);
state->mem = store(eval_exp(t1->info.node.arguments->elem,
state->tbl,
state->mem), v, state->mem);//same here.
if(tf == 1){
printf("\ntaint detected. Adding address %u up\n",state->mem->addr);
add_mem(state->mem->addr);
printf("\nMemory tainted! Addr : %u \n",state->mem->addr);
tf = 0;
tmem_index = 0;
type = 0;
memo = 0;
}
printf("\nafter nost ast..mem val is : %u",state->mem->addr);
if(cc_mem == 2){
printf("\n constant present...\n");
if(check_tain_mem(state->mem->addr)){
printf("\n removing taint!\n\n");
remove_taint_mem(state->mem->addr);
printf("\nremoved!\n");
cc_mem = 0;
}
}
break;
default:
assert(0);
}
break;
case PRINT:
printf("\n this is printttt\n");
switch(s->info.node.arguments->elem->tag){
case str_ast:
printf("\nin str-ast");
printf("str asgn %s\n", s->info.node.arguments->elem->info.string);
fprintf(stderr,"Tainted variable: None\n");
break;
default:
printf("\n default.\n");
printf("\n Memory addrs now : %u \n",state->mem->addr);
printf("\n var name now :%s\n",state->tbl->name);
coming_from_print =1;
printf("def %u\n", eval_exp(s->info.node.arguments->elem,
state->tbl,
state->mem));
if (tf==0)
fprintf(stderr,"Tainted variable: None\n");
if(tf == 1){
printf("\nTaint detected!! with type %d and tvar_index %d\n",type,tvar_index);
fprintf(stderr,"Tainted variable: ");
/*switch(type){
case 1 : printf("\nIts a variable!\n");
%s\n",tvar_arr[tvar_index]);
break;
case 2 : printf("\nIts a memory!\n");
fprintf(stderr,"Tainted variable: mem[%u]\n",tmem_arr[tmem_index]);
break;
case 3 : printf("\nIts kinda both.\n");
fprintf(stderr,"Tainted variable: %s, mem[%u]\n",tvar_arr[tvar_index],tmem_arr[tmem_index]);
break;
case 4 : printf("\nIts direct!\n");
fprintf(stderr," direct");
break;
}
fprintf(stderr,"Tainted variable: ");*/
for (i=0;i<=tvar_index; i++)
{ if (tvar_arr[i][1] == 2)
{
// printf("\nIts direct!\n");
fprintf(stderr,"direct");
}
else if (tvar_arr[i][1] == 1)
{
// printf("\nIts a variable!\n");
fprintf(stderr,"mem[%d]",tvar_arr[i][0]);
}
else
{
// printf("\nIts a variable!\n");
fprintf(stderr,"%s",tvar_arr[i]);
}
if (i>0 && i<tvar_index)
fprintf(stderr,", ");
}
fprintf(stderr,"\n");
}
type = 0;
tf = 0;
tvar_index = 0;
tmem_index = 0;
coming_from_print = 0;
break;
}
break;
case IF:
printf("\nthis is IFFF\n");
if(eval_exp(s->info.node.arguments->elem, state->tbl, state->mem)){
state = eval_stmts(s->info.node.arguments->next->elem, state);
} else {
state = eval_stmts(s->info.node.arguments->next->next->elem, state);
}
break;
case SEQ:
printf("\n this is SEQQQ\n");
state = eval_stmts(s->info.node.arguments->next->elem, state);
break;
case ASSERT:
if(eval_exp(s->info.node.arguments->elem, state->tbl,state->mem) ==0){
printf("Assert failed!\n");
}
break;
default:
printf("Unknown statement type\n");
assert(0);
break;
}
ip = ip->next;
}
return state;
}
