Dump TaintFlows to File #236

@tmbrbr

Description

Currently, when a tainted input is detected in a sink, foxhound triggers the __taintreport event with all information about the taint flow, and writes a short message to the console with information about the source and sink.

Currently the recommendation is to hook into the __taintreport event to analyze and extract data flows, for example using a plugin or via browser automation tools like playwright.

In the cases where this is not possible, it would be great to have a feature to dump all taint flows to disk in e.g. JSON format. This would mean an offline analysis could be done without needing an additional plugin or automation integration.

I think three things are needed here:

  • Adding or using a function to serialize taint information to JSON
    • For compatibility, I think the best way would be to call string.taint by hand here
      str_taint_getter(JSContext* cx, unsigned argc, Value* vp)
      and then use built-in JavaScript JSON functions.
  • Call this function at
    JS_ReportTaintSink(JSContext* cx, JS::HandleString str, const char* sink, JS::HandleValue arg)
  • Write the JSON to file
    • Create a unique filename for each taintflow
    • Create an OS independent way of writing to file
  • Make this configurable
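The three steps above (serialize a flow to JSON, give each flow a unique file name, write it portably, gated by configuration), carried through as an added example. This is not foxhound's code: the TaintFlow/TaintRange structs stand in for the data a sink report carries, the serializer is hand-rolled rather than going through str_taint_getter and the JavaScript JSON functions the issue proposes, and the TAINT_DUMP_DIR environment variable is an assumed configuration switch. The call site in JS_ReportTaintSink is not shown.

```cpp
// Added example, not foxhound's own code. Dumps one taint flow to a JSON file.
// TaintFlow/TaintRange are hypothetical stand-ins for the data behind __taintreport.
#include <atomic>
#include <chrono>
#include <cstdio>
#include <cstdlib>
#include <filesystem>
#include <fstream>
#include <sstream>
#include <string>
#include <vector>

namespace fs = std::filesystem;

struct TaintRange {            // hypothetical: one tainted span inside the string
    size_t begin;
    size_t end;
    std::string source;        // e.g. "location.hash"
};

struct TaintFlow {             // hypothetical: what one sink report carries
    std::string sink;          // e.g. "eval"
    std::string value;         // the string that reached the sink
    std::vector<TaintRange> ranges;
};

// Escape a string for use inside a JSON string literal (quotes, backslashes,
// and control characters), so sink values cannot break the document structure.
std::string jsonEscape(const std::string& s) {
    std::ostringstream out;
    for (unsigned char c : s) {
        switch (c) {
            case '"':  out << "\\\""; break;
            case '\\': out << "\\\\"; break;
            case '\n': out << "\\n";  break;
            case '\r': out << "\\r";  break;
            case '\t': out << "\\t";  break;
            default:
                if (c < 0x20) {
                    char buf[8];
                    std::snprintf(buf, sizeof buf, "\\u%04x", static_cast<unsigned>(c));
                    out << buf;
                } else {
                    out << c;
                }
        }
    }
    return out.str();
}

// Serialize a TaintFlow to a single-line JSON document (no library dependency).
std::string taintFlowToJson(const TaintFlow& flow) {
    std::ostringstream out;
    out << "{\"sink\":\"" << jsonEscape(flow.sink) << "\","
        << "\"value\":\"" << jsonEscape(flow.value) << "\","
        << "\"ranges\":[";
    for (size_t i = 0; i < flow.ranges.size(); ++i) {
        const TaintRange& r = flow.ranges[i];
        if (i) out << ",";
        out << "{\"begin\":" << r.begin << ",\"end\":" << r.end
            << ",\"source\":\"" << jsonEscape(r.source) << "\"}";
    }
    out << "]}";
    return out.str();
}

// Unique name per flow: wall-clock nanoseconds plus a process-wide counter,
// so two reports landing in the same nanosecond still get distinct files.
std::string uniqueFlowFilename() {
    static std::atomic<unsigned long long> counter{0};
    auto ns = std::chrono::duration_cast<std::chrono::nanoseconds>(
                  std::chrono::system_clock::now().time_since_epoch()).count();
    return "taintflow-" + std::to_string(ns) + "-" +
           std::to_string(counter.fetch_add(1)) + ".json";
}

// Write the flow under `dir` with std::filesystem, which handles path
// separators portably. Creates `dir` if needed and returns the path written.
fs::path dumpTaintFlow(const TaintFlow& flow, const fs::path& dir) {
    fs::create_directories(dir);
    fs::path target = dir / uniqueFlowFilename();
    std::ofstream out(target, std::ios::binary);
    out << taintFlowToJson(flow) << '\n';
    return target;
}

// Configuration hook (assumption): only dump when TAINT_DUMP_DIR is set.
bool dumpIfConfigured(const TaintFlow& flow) {
    const char* dir = std::getenv("TAINT_DUMP_DIR");
    if (!dir || !*dir) return false;
    dumpTaintFlow(flow, dir);
    return true;
}

int main() {
    // Constructed sample flow: a fragment-derived string reaching eval.
    TaintFlow flow{"eval", "alert(1)", {{0, 8, "location.hash"}}};
    dumpTaintFlow(flow, fs::temp_directory_path() / "taintflows");
    return 0;
}
```

The escaping step matters because the tainted value is attacker-influenced by definition; writing it unescaped would let a sink payload corrupt the JSON that the offline analysis later parses.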

Labels

enhancement (New feature or request)