infigraph_core/taint/
sources.rs

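/// One category of taint source: a `kind` label plus the literal text
/// fragments (`patterns`) that identify a read from that source in scanned code.
///
/// Every field is `'static` borrowed data, so the type is cheap to copy and can
/// live in a `static` table. Deriving `Debug`/`PartialEq` lets callers log a
/// matched source and compare entries in tests without hand-written impls.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct TaintSource {
    /// Category label, e.g. `"HttpParam"`; used to report which class of
    /// untrusted input a match came from.
    pub kind: &'static str,
    /// Text fragments whose presence marks a line as reading from this source.
    pub patterns: &'static [&'static str],
    /// Optional file-extension restriction for this entry; `None` means no
    /// restriction. NOTE(review): how the matcher applies this (and whether the
    /// entries carry a leading dot) is not visible here — confirm in the consumer.
    pub extensions: Option<&'static [&'static str]>,
}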
6
/// Catalogue of taint sources, grouped by `kind`.
///
/// Each entry pairs a category label with the literal text fragments that mark
/// a read from an input channel the program does not control. The patterns
/// below are API spellings from Python, JavaScript/Node, Java, C#, Go and Rust.
/// Table order: HTTP parameters, HTTP body, HTTP headers, file reads, console
/// input, environment variables. No entry currently uses `extensions`.
///
/// NOTE(review): the matching semantics (substring vs. token match, case
/// sensitivity) live in the consumer of this table, not here. Under plain
/// substring matching, very short fragments such as `"open("`, `"File("` and
/// `"fs.read"` will also hit unrelated identifiers (e.g. a `Profile(` call or
/// an `fs.readdir` listing), so expect false positives on those kinds —
/// confirm against the matcher before tightening or widening them.
pub static TAINT_SOURCES: &[TaintSource] = &[
    // HTTP parameters: query string, form fields and route/path parameters.
    // Fully under the remote caller's control in every framework listed.
    TaintSource {
        kind: "HttpParam",
        patterns: &[
            "request.GET[",
            "request.GET.get(",
            "request.POST[",
            "request.POST.get(",
            "request.args.get(",
            "request.args[",
            "request.form[",
            "request.form.get(",
            "req.query.",
            "req.query[",
            "req.params.",
            "req.params[",
            "request.getParameter(",
            "request.getParameterValues(",
            "@RequestParam",
            "@PathVariable",
            "@QueryParam",
            "Request.Query[",
            "Request.Form[",
            "c.Param(",
            "c.Query(",
            "c.DefaultQuery(",
            "r.URL.Query()",
            "r.FormValue(",
        ],
        extensions: None,
    },
    // HTTP body: raw streams, pre-parsed payloads and JSON binding helpers.
    // A successful JSON bind only guarantees shape, not trustworthiness — the
    // bound struct is still tainted.
    TaintSource {
        kind: "HttpBody",
        patterns: &[
            "request.body",
            "req.body",
            "request.json",
            "request.data",
            "request.get_json(",
            "request.content",
            "@RequestBody",
            "request.getInputStream(",
            "Request.Body",
            "ReadFromJsonAsync(",
            "c.BindJSON(",
            "c.ShouldBindJSON(",
            "json.NewDecoder(r.Body)",
        ],
        extensions: None,
    },
    // HTTP headers. `request.META[` is Django's WSGI environ, where request
    // headers arrive as `HTTP_*` keys alongside server-set entries, so it is
    // listed here even though not every key in it is client-supplied.
    TaintSource {
        kind: "HttpHeader",
        patterns: &[
            "request.headers[",
            "request.headers.get(",
            "req.headers[",
            "req.headers.get(",
            "req.header(",
            "request.getHeader(",
            "request.META[",
            "r.Header.Get(",
        ],
        extensions: None,
    },
    // File reads: file contents are treated as tainted because the path, or
    // the file itself, may be influenced by an external party (uploads,
    // shared directories). `open(` and `File(` also match writes and
    // constructors, not only reads — see the NOTE on false positives above.
    TaintSource {
        kind: "FileRead",
        patterns: &[
            "open(",
            "readFile(",
            "fs.read",
            "File(",
            "fs.readFileSync(",
            "fs.readFile(",
            "Files.readAllBytes(",
            "Files.readString(",
            "File.ReadAllText(",
            "File.ReadAllLines(",
            "os.ReadFile(",
            "ioutil.ReadFile(",
        ],
        extensions: None,
    },
    // User input (CLI/console): interactive reads from stdin.
    TaintSource {
        kind: "UserInput",
        patterns: &[
            "input(",
            "readline(",
            "Scanner(",
            "process.stdin",
            "sys.stdin",
            "Console.ReadLine(",
            "bufio.NewReader(os.Stdin)",
            "std::io::stdin()",
        ],
        extensions: None,
    },
    // Environment variables (can be attacker-controlled in some contexts, e.g.
    // when a parent process or deployment platform populates them from
    // external input). Treated as a weaker source than the HTTP kinds above.
    TaintSource {
        kind: "EnvVar",
        patterns: &[
            "os.environ[",
            "os.environ.get(",
            "os.getenv(",
            "process.env.",
            "process.env[",
            "System.getenv(",
            "Environment.GetEnvironmentVariable(",
            "os.Getenv(",
            "std::env::var(",
        ],
        extensions: None,
    },
];