JS: add sanitizer support for ~whitelist.indexOf(x)
#83
Conversation
ghost
added
the
ghost
self-requested a review
as a 
| @@ -612,6 +612,26 @@ module TaintTracking { | |||
|
|
|||
| } | |||
|
|
|||
| /** A check of the form `if(~o.indexOf(x))`, which sanitizes `x` in its "then" branch. */ | |||
There was a problem hiding this comment.
It may be helpful to add an example here to explain why it's x that is sanitised and not o. (In fact, it seems like there are uses of this idiom that sanitise o, but they are perhaps more difficult to capture.)
There was a problem hiding this comment.
Perhaps all that's needed is to rename o to whitelist. But please also explain that this is equivalent to if(whitelist.indexOf(x) !== -1).
There was a problem hiding this comment.
Done. The o in the o.indexOf(x) !== -1 case has also been renamed to whitelist.
| @@ -623,6 +627,13 @@ module TaintTracking { | |||
| } | |||
|
|
|||
| override predicate sanitizes(boolean outcome, Expr e) { | |||
| // Explanation for why `if(~whitelist.indexOf(x))` is equivalent to `if(whitelist.indexOf(x) != -1)`: | |||
There was a problem hiding this comment.
I'm not sure this is needed, at least not at this level of detail. Just reminding the reader that ~x is 0 iff x is -1 should be fine.
There was a problem hiding this comment.
I have put the simplified explanation in the qldoc.
| @@ -612,7 +612,11 @@ module TaintTracking { | |||
|
|
|||
| } | |||
|
|
|||
| /** A check of the form `if(~o.indexOf(x))`, which sanitizes `x` in its "then" branch. */ | |||
| /** | |||
| * A check of the form `if(~whitelist.indexOf(x))`, which sanitizes `x` in its "then" branch | |||
Fix "missing override" FPs
…ide-fps Fix "missing override" FPs
feat: Improve sanitizer checks
This PR adds
if(~whitelist.indexOf(tainted))as a sanitizer.It is a compact version of
if(whitelist.indexOf(tainted) !== -1).I have briefly checked that it does not degrade performance on big benchmarks.