
Propagate taint through StringIterator (fixes #348)#349

Merged
leeN merged 3 commits into SAP:main from eleumasc:fix-348 on Jan 7, 2026

Conversation

eleumasc (Contributor) commented Nov 10, 2025

This pull request enables taint propagation through StringIterator. Therefore, it fixes #348.

Locally, we verified the following test cases:

  • Untainted string: [..."abc"].map(x => x.taint)
  • Tainted string: [...String.tainted("abc", "t1")].map(x => x.taint)
  • Concatenation of tainted strings: [...(String.tainted("abc", "t1") + String.tainted("def", "t2"))].map(x => x.taint)
  • UTF-16 support: [..."a😊c"].map(x => x.taint)

leeN (Collaborator) commented Nov 11, 2025

Looks good as far as I can see. Could you add a mochitest?

Generally, we apologize for the delay in merging PRs at the moment. We are currently busy preparing a Foxhound demo for Blackhat.

eleumasc (Contributor, Author) commented Nov 12, 2025

Here we go! I also replaced insert with setTaint, since the former caused a weird bug that led to overlapping taint ranges.

PS: I'm glad that you are going to present Foxhound at Blackhat. Unfortunately I will not be able to join the event for lack of funding :(

leeN (Collaborator) commented Nov 12, 2025

Sadly, Blackhat is super expensive... What is possible is to get a business hall ticket (it'll include the Arsenal stuff we are doing, but you are missing out on talks), so it is fairly cheap.. But still, it's roughly 1k euros for flights (more expensive from Italy, I assume) and hotel..

eleumasc (Contributor, Author) commented Nov 13, 2025

Extra commit in which I copy the single-character string before setting the taint. I guess that strings of that kind are stored in a sort of cache, because when I executed the code [...(String.tainted("f", "t1") + String.tainted("o", "t2") + String.tainted("o", "t3"))].map(x => x.taint) the two "o"s got the same taint information, in particular the one assigned to the last "o". Couldn't detect this issue with the provided test cases :/
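An added example (not Foxhound's own code) modelling what the test cases in the first comment and the single-character caching problem above are checking: taint is kept as {begin, end, source} ranges over UTF-16 code units, concatenation shifts the right-hand ranges, and the iterator yields a fresh single-code-point string carrying only the ranges that cover it. The `TaintedString` class, `taintSources` helper and `"t1"`/`"t2"`/`"t3"` source labels are constructed stand-ins for Foxhound's `String.tainted` and `.taint`.

```javascript
// Added example, not Foxhound's code: a minimal model of taint-tracked strings
// to illustrate taint propagation through a string iterator.
class TaintedString {
  constructor(str, ranges = []) {
    this.str = str;
    this.ranges = ranges;   // [{ begin, end, source }] in UTF-16 code unit offsets
  }
  // Stand-in for Foxhound's String.tainted(str, source): the whole string is tainted.
  static tainted(str, source) {
    const ranges = str.length ? [{ begin: 0, end: str.length, source }] : [];
    return new TaintedString(str, ranges);
  }
  // Concatenation keeps the left ranges and shifts the right ones by the left length.
  concat(other) {
    const off = this.str.length;
    const shifted = other.ranges.map(r => ({ begin: r.begin + off, end: r.end + off, source: r.source }));
    return new TaintedString(this.str + other.str, this.ranges.concat(shifted));
  }
  // Yields one code point at a time (a surrogate pair such as the emoji stays
  // together), as a freshly allocated single-code-point string that carries only
  // the taint covering its code units. Allocating a fresh object matters: if
  // single-character strings were shared from a cache, setting taint on one
  // would overwrite the taint of every other occurrence of that character.
  *[Symbol.iterator]() {
    let pos = 0;
    for (const cp of this.str) {      // for...of walks a JS string by code point
      const end = pos + cp.length;
      const taint = this.ranges
        .filter(r => r.begin < end && r.end > pos)
        .map(r => ({ begin: 0, end: cp.length, source: r.source }));
      yield new TaintedString(cp, taint);
      pos = end;
    }
  }
  get taint() { return this.ranges; }
}

// Mirrors the PR's check [...s].map(x => x.taint), reduced to source labels.
function taintSources(ts) {
  return [...ts].map(x => x.taint.map(r => r.source));
}

// Usage: the PR's cases plus the "foo" case from the follow-up commit.
const t1 = TaintedString.tainted("abc", "t1");
const t2 = TaintedString.tainted("def", "t2");
console.log(taintSources(new TaintedString("abc")));          // [[], [], []]
console.log(taintSources(t1.concat(t2)));                      // t1 x3, then t2 x3
console.log([...new TaintedString("a😊c")].map(x => x.str));   // ["a", "😊", "c"]
console.log(taintSources(TaintedString.tainted("f", "t1")
  .concat(TaintedString.tainted("o", "t2")).concat(TaintedString.tainted("o", "t3"))));
```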

Review comment on js/src/builtin/String.js

leeN (Collaborator) left a comment:

LGTM

leeN merged commit d82b83e into SAP:main on Jan 7, 2026
7 of 12 checks passed


Linked issue (closed by this pull request): No taint propagation through StringIterator (#348)