//! Advanced dataflow tests for interprocedural taint, control-flow coverage,
//! and class/method body analysis.

#![cfg(feature = "js")]

use pyrograph::analyze;

/// Checks that a tainted call argument is tracked into the callee's parameter.
///
/// The fixture passes `process.env.TOKEN` to `f`, whose body hands its
/// parameter straight to `eval`. The test requires `analyze` to return a
/// non-empty result for that program.
///
/// NOTE(review): only non-emptiness is asserted, so any finding on this
/// snippet satisfies the test. If the result type exposes source/sink details,
/// asserting the env -> `eval` pair would make a regression in argument
/// binding harder to miss. Confirm against the result type.
#[test]
fn interprocedural_argument_taint() {
    use pyrograph::parse::parse_js;

    // Source (environment read) and sink (`eval`) live in different scopes;
    // the only link between them is the argument/parameter binding.
    let fixture = r#"
        function f(x) { eval(x); }
        f(process.env.TOKEN);
    "#;

    let parsed = parse_js(fixture, "t.js").unwrap();
    let findings = analyze(&parsed).unwrap();

    assert!(
        !findings.is_empty(),
        "Taint must flow from argument to parameter interprocedurally"
    );
}

/// Checks that statements inside a class method body are analyzed.
///
/// The fixture declares class `C` with a `run` method that copies
/// `process.env.TOKEN` into a local and passes it to `eval`, then calls
/// `new C().run()`. The test requires `analyze` to return a non-empty result.
///
/// NOTE(review): the check is non-emptiness only; it does not pin the finding
/// to the flow inside `run`. A missed method body is a coverage gap a package
/// author could hide a flow in, so a stricter assertion on the reported
/// source/sink may be worth adding if the result type allows it.
#[test]
fn class_method_body_taint() {
    use pyrograph::parse::parse_js;

    // Both the environment read and the `eval` call sit inside the method,
    // so nothing is reported unless the method body itself is walked.
    let fixture = r#"
        class C {
            run() {
                var x = process.env.TOKEN;
                eval(x);
            }
        }
        new C().run();
    "#;

    let parsed = parse_js(fixture, "t.js").unwrap();
    let findings = analyze(&parsed).unwrap();

    assert!(
        !findings.is_empty(),
        "Class method body must be visited for taint analysis"
    );
}

/// Checks that the operand of a `throw` statement is analyzed.
///
/// The fixture's only statement is `throw eval(process.env.TOKEN);`, so the
/// `eval` call exists solely as the thrown expression. The test requires
/// `analyze` to return a non-empty result.
///
/// NOTE(review): only non-emptiness is asserted; the finding's source and sink
/// are not inspected here.
#[test]
fn throw_expression_taint() {
    use pyrograph::parse::parse_js;

    // The call is nested under `throw`; skipping that operand would leave
    // the program with nothing to report.
    let fixture = r#"
        throw eval(process.env.TOKEN);
    "#;

    let parsed = parse_js(fixture, "t.js").unwrap();
    let findings = analyze(&parsed).unwrap();

    assert!(
        !findings.is_empty(),
        "Throw expression must be evaluated for taint"
    );
}

/// Checks that the body of a `do ... while` loop is analyzed.
///
/// The fixture calls `fetch(process.env.TOKEN)` inside a `do` block whose
/// condition is the literal `false`. In JavaScript that body still executes
/// once, so the analyzer is expected to visit it regardless of the condition.
/// The test requires `analyze` to return a non-empty result.
///
/// NOTE(review): only non-emptiness is asserted; the test does not verify
/// that the finding names `fetch` as the sink.
#[test]
fn do_while_taint() {
    use pyrograph::parse::parse_js;

    // `while (false)` must not cause the body to be treated as dead code:
    // a do-while runs its body before the condition is evaluated.
    let fixture = r#"
        do {
            fetch(process.env.TOKEN);
        } while (false);
    "#;

    let parsed = parse_js(fixture, "t.js").unwrap();
    let findings = analyze(&parsed).unwrap();

    assert!(
        !findings.is_empty(),
        "Do-while body must be visited for taint analysis"
    );
}