tainting. String transformations   [3.4.5]


^reflection:tainting[string]
^reflection:tainting[transformation type;string]

This method allows you to find out what conversions a string needs. The result is a string in which each character of the source string is matched by a character with a transformation code.
When the transformation type is specified, the characters to be transformed with the specified transformation type are highlighted with +. In addition to the transformation name, you can specify the value 'tainted' to display tainted characters and 'optimized' to display the characters that are to be optimized during output.

Transformation codes
clean

0

as-is

A

tainted

T

file-spec

F

uri

U

http-header

h

mail-header

m

sql

Q

js

J

json

S

parser-code

p

regex

R

xml

X

html

H

cookie

C




Example

$s[clean ^taint[<tainted>] ^taint[uri;&] ^taint[json;"json"]]

^taint[as-is;$s]
^reflection:tainting[$s]
^reflection:tainting[tainted;$s]

Applied: $s

Outputs:

clean <tainted> & "json"
000000TTTTTTTTT0U0SSSSSS
------+++++++++---------

Applied: clean &lt;tainted&gt; %26 \"json\"



Copyright © 1997–2021 Art. Lebedev Studio | http://www.artlebedev.com Last updated: 27.04.2017