117 - VID_DOCUMENTATION_TODO

Larger points that could use improvement

• Two modules seem to compute identifiers. The debug log below shows the scanner resolving an identifier in the environment, and then the assignment ('=') evaluator computing the same identifier a second time:

    Compute. JavascriptSqlite3InjectionScanner. Computing an identifier. Have to look it up in the environment I guess.
    Compute. JavascriptSqlite3InjectionScanner. Found 'saster_user_controlled' in the environment, it has a value, setting it in the expression.
    Compute. = . Have to compute the value of identifier 'saster_user_controlled'

  Identifier resolution should live in one place, so that both paths agree on which scope the value comes from.

• We should have a way of finding out which expectation recently started failing, so we can see which of our changes created the problem. Otherwise we might be improving results on one test tree while breaking others.

• Compute should calculate exact values, but for user-controlled variables an encoded alphabet should be included: the set of characters the user can still get through after whatever encoding or escaping sits between the input and this point. That way we can check at each injection point whether the user can break out of the confinement (for example a quoted SQL string literal), instead of only knowing that the value is tainted.
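
  Added worked example (not code from the project; Compute and the scanner are not involved): a minimal Python model of the "exact value vs. encoded alphabet" idea. Exact parts and UserControlled parts are concatenated, and at the SQL sink the check reports which characters of the surviving alphabet would let the user leave the surrounding confinement. The Exact/UserControlled names, the printable-character alphabet, the encoder model and the two contexts (single-quoted literal, bare value) are assumptions made for the illustration.

```python
import string
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple, Union


@dataclass(frozen=True)
class Exact:
    """A value the evaluator could determine precisely (a string constant)."""
    text: str


@dataclass(frozen=True)
class UserControlled:
    """A user-controlled value, described only by the alphabet the user can
    still get through after whatever encoding sits between them and this point."""
    alphabet: FrozenSet[str]


Part = Union[Exact, UserControlled]

# Assumption: raw request input can carry any printable character.
RAW_INPUT = UserControlled(frozenset(string.printable))

# Characters that end or escape a single-quoted SQL string literal.
LITERAL_BREAKERS = frozenset("'\\")
DIGITS = frozenset(string.digits)


def encoded(value: UserControlled, removed: str) -> UserControlled:
    """Model an encoder/escaper that keeps the listed characters from reaching
    the sink: the value stays user controlled, only its alphabet shrinks."""
    return UserControlled(value.alphabet - frozenset(removed))


def concat(*parts: Part) -> List[Part]:
    """Concatenation keeps exact parts exact and tainted parts tainted;
    the order of the parts is what the injection check needs."""
    return list(parts)


def break_out_chars(parts: List[Part]) -> List[Tuple[str, FrozenSet[str]]]:
    """Walk a concatenated SQL query while tracking whether we are inside a
    single-quoted literal. For every user-controlled part, report the characters
    of its alphabet that would let the user leave the confinement: a quote or
    backslash inside a literal, anything but digits outside one."""
    in_literal = False
    findings: List[Tuple[str, FrozenSet[str]]] = []
    for part in parts:
        if isinstance(part, Exact):
            for ch in part.text:
                if ch == "'":
                    in_literal = not in_literal
            continue
        if in_literal:
            escaping = part.alphabet & LITERAL_BREAKERS
            context = "string literal"
        else:
            escaping = part.alphabet - DIGITS
            context = "bare value"
        if escaping:
            findings.append((context, escaping))
    return findings


if __name__ == "__main__":
    # Constructed example queries, not taken from a real scan.
    quoted = concat(Exact("SELECT * FROM users WHERE name = '"), RAW_INPUT, Exact("'"))
    escaped = concat(Exact("SELECT * FROM users WHERE name = '"),
                     encoded(RAW_INPUT, "'\\"), Exact("'"))
    bare = concat(Exact("SELECT * FROM users WHERE id = "), RAW_INPUT)
    for name, query in [("quoted", quoted), ("escaped", escaped), ("bare", bare)]:
        print(name, break_out_chars(query))
```

  The context tracking is deliberately minimal (it only follows single quotes and ignores SQL's doubled-quote escaping, comments and identifiers); the point is that the sink check needs the surviving alphabet rather than the concrete value to decide whether a breakout is possible.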

• SastEnvironment scopes were pushed for if statements and function calls, but a fresh scope shadows all variables: a write inside the block lands in the new layer instead of updating the outer binding, and is lost when the layer is popped. Only local variables should be overlaid, with a more tree-like environment. Right now variables seem to be created in the top layer, but can be looked up in every layer.
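
  Added example (not the SastEnvironment implementation; the Env class, its method names and the rule for undeclared names are assumptions): a tree-like environment where only declarations create a binding in the innermost layer and plain assignments update the binding the name resolves to. taint_after_if contrasts the shadowing behaviour (a layer per if-block) with the tree-like one, and taint_after_call shows a callee scope that keeps its parameter local but lets a write to an outer variable through.

```python
from typing import Any, Dict, List, Tuple


class Env:
    """Tree-like environment: layers[0] is the module scope, layers[-1] the
    innermost active scope. Lookups walk outward; declarations bind in the
    innermost layer, assignments update the nearest existing binding."""

    def __init__(self) -> None:
        self.layers: List[Dict[str, Any]] = [{}]

    def enter(self) -> None:
        """Open a new layer, e.g. for a function call's parameters and locals."""
        self.layers.append({})

    def leave(self) -> None:
        """Close the innermost layer; its local bindings disappear."""
        self.layers.pop()

    def declare(self, name: str, value: Any) -> None:
        """A local declaration (parameter, var/let/const) shadows outer bindings."""
        self.layers[-1][name] = value

    def assign(self, name: str, value: Any) -> None:
        """Plain assignment updates the binding the name resolves to, so a write
        inside an if-block or a callee reaches the outer variable."""
        for layer in reversed(self.layers):
            if name in layer:
                layer[name] = value
                return
        # Assumption: an undeclared name is created in the module scope,
        # the way sloppy-mode JavaScript treats an assignment to an unknown name.
        self.layers[0][name] = value

    def lookup(self, name: str) -> Any:
        for layer in reversed(self.layers):
            if name in layer:
                return layer[name]
        raise KeyError(name)

    def is_bound(self, name: str) -> bool:
        return any(name in layer for layer in self.layers)


def taint_after_if(scope_per_if: bool) -> str:
    """Value of `query` after `if (cond) { query = req.body.name; }`.
    With a scope per if-block (the shadowing behaviour) the write lands in the
    new layer and is thrown away; without it the outer binding is updated."""
    env = Env()
    env.declare("query", "exact")
    if scope_per_if:
        env.enter()
        env.declare("query", "user_controlled")  # every write went to the new top layer
        env.leave()
    else:
        env.assign("query", "user_controlled")
    return env.lookup("query")


def taint_after_call() -> Tuple[str, bool]:
    """A callee gets its own layer for parameters, but an assignment to a
    variable of the enclosing scope must still be visible after the call."""
    env = Env()
    env.declare("query", "exact")
    env.enter()                               # function scope
    env.declare("param", "user_controlled")   # parameter is local to the callee
    env.assign("query", env.lookup("param"))  # write to the outer variable
    env.leave()
    return env.lookup("query"), env.is_bound("param")


if __name__ == "__main__":
    print("scope per if :", taint_after_if(True))
    print("tree-like    :", taint_after_if(False))
    print("after call   :", taint_after_call())
```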

• Multiple findings on one line happen, even with different descriptions, when a second run knows more about the context (for example what a web framework does with the value). How should we handle this so that only the most severe finding is shown?

• Save the value flags into the AST tree so we can colour all variables that are UserControlled or similar.
• Rewrite the whole token-to-expression matching with smarter logic.
• We could add an inheritable taint flag that tracks randomness, so we can find suspect (non-random) tokens / keys.