Merge pull request #6 from max-p-log-p/master
Fix false attacks in authentication queries by rewriting primitives and checking later for equivalence
nadimkobeissi authored Sep 8, 2024
2 parents 49db979 + 1d356a5 commit 8b8e568
Showing 1 changed file with 17 additions and 4 deletions.
21 changes: 17 additions & 4 deletions cmd/vplogic/verifyactive.go
Expand Up @@ -147,18 +147,27 @@ func verifyActiveMutatePrincipalState(
ai, ii := valueResolveConstant(valMutationMap.Constants[i], valPrincipalState, true)
ac := valMutationMap.Combination[i]
ar, _ := valueResolveValueInternalValuesFromKnowledgeMap(ai, valKnowledgeMap)
switch ar.Kind {
case typesEnumPrimitive:
_, aar := possibleToRewrite(ar.Data.(*Primitive), valPrincipalState)
switch aar[0].Kind {
case typesEnumPrimitive:
ar.Data = aar[0].Data.(*Primitive)
}
}
switch ac.Kind {
case typesEnumPrimitive:
_, aac := possibleToRewrite(ac.Data.(*Primitive), valPrincipalState)
switch aac[0].Kind {
case typesEnumPrimitive:
ac.Data = aac[0].Data.(*Primitive)
}
switch ai.Kind {
case typesEnumPrimitive:
ac.Data.(*Primitive).Output = ar.Data.(*Primitive).Output
ac.Data.(*Primitive).Check = ar.Data.(*Primitive).Check
}
}
switch {
case valueEquivalentValues(ac, ar, true):
continue
}
valPrincipalState.Creator[ii] = principalNamesMap["Attacker"]
valPrincipalState.Sender[ii] = principalNamesMap["Attacker"]
valPrincipalState.Mutated[ii] = true
Expand All @@ -167,6 +176,10 @@ func verifyActiveMutatePrincipalState(
if ii < earliestMutation {
earliestMutation = ii
}
switch {
case valueEquivalentValues(ac, ar, true):
continue
}
isWorthwhileMutation = true
}
if !isWorthwhileMutation {
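Review bot: Both new rewrite steps index the slice returned by `possibleToRewrite` without a length check (`aar[0].Kind`, `aac[0].Kind`) and discard its first return value, so if that function can ever return an empty slice the verifier panics mid-analysis instead of reporting a result; the lines shown do not rule this out. A guard such as `if len(aar) > 0 && aar[0].Kind == typesEnumPrimitive {` (and the same for `aac`) would make both sites safe. Separately, the `valueEquivalentValues(ac, ar, true)` check now runs after `Creator`, `Sender` and `Mutated` have been set, so an equivalent value is still attributed to the Attacker and can still lower `earliestMutation`. If that is intended, a comment such as `// equivalence is tested after rewriting; the slot stays marked as mutated on purpose` would help, because this ordering presumably affects whether an authentication query reports an attack. The body of verifyActiveMutatePrincipalState starts and ends outside the visible hunks.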