Example #1
 /// <inheritdoc />
 /// <remarks>
 /// Phalanger represents <c>eval</c> as a dedicated expression node, so it arrives here
 /// rather than through the ordinary call visitors and is matched by the literal name "eval".
 /// </remarks>
 public override void VisitEvalEx(EvalEx x)
 {
     // Nothing to record unless "eval" is one of the calls being searched for.
     if (!searchedCalls.Contains("eval"))
     {
         return;
     }

     // Queue the node as an occurrence of the searched construct.
     occurrenceNodes.Enqueue(x);
 }
Example #2
 /// <summary>
 /// Walks an <c>eval</c> expression in source order: the <c>eval</c> keyword, the opening
 /// parenthesis, the code operand, then the closing parenthesis.
 /// </summary>
 /// <param name="x">The eval expression; its span supplies the positions passed for the first and last token.</param>
 public override void VisitEvalEx(EvalEx x)
 {
     // The keyword is anchored at the start of the expression's span.
     ConsumeToken(Tokens.T_EVAL, "eval", x.Span.Start);
     // No explicit position is passed for the opening parenthesis.
     ConsumeToken(Tokens.T_LPAREN, "(");
     // The operand (the code to be evaluated) is visited between the two parentheses.
     VisitElement(x.Code);
     // NOTE(review): End - 1 presumably addresses the ')' as the last character of the span; confirm against Span's End semantics.
     ConsumeToken(Tokens.T_RPAREN, ")", x.Span.End - 1);
 }
Example #3
        /// <summary>
        /// Rewrites an <c>eval</c> expression when it is associated with a known output channel;
        /// otherwise falls back to the base visitor.
        /// </summary>
        /// <param name="node">The eval expression being visited.</param>
        public override void VisitEvalEx(EvalEx node)
        {
            var matchedChannel = FindChannel(node, _outputChannels);

            if (matchedChannel == null)
            {
                // Not an output channel: emit the expression as the base visitor would.
                base.VisitEvalEx(node);
                return;
            }

            // Channel found: replace the eval with the channel-aware rewrite and remember the channel id.
            RewriteEvalEx(matchedChannel, node);
            _visitedChannels.Add(matchedChannel.Id);
        }
Example #4
        /// <summary>
        /// Replaces an <c>eval</c> expression bound to an output channel with generated helper calls.
        /// Depending on <c>_isOriginalProgram</c> and on how the channel's label level compares with
        /// <c>_securityLevel</c> and <c>_minInputLevel</c>, it emits a store/capture call, then an empty
        /// statement, then optionally an <c>eval</c> of the get-output helper.
        /// The original <paramref name="node"/> itself is never passed to the base visitor here.
        /// </summary>
        /// <param name="outputChannel">Channel matched to the eval expression; its id and label level drive the rewrite.</param>
        /// <param name="node">The eval expression being replaced; only its <c>Code</c> operand is reused.</param>
        private void RewriteEvalEx(Channel outputChannel, EvalEx node)
        {
            //the original program (P') captures all output values
            //the same branch is also taken when the channel level equals the current level,
            //or when the current level is below the minimum input level
            if (_isOriginalProgram || outputChannel.Label.Level == _securityLevel.Level || _securityLevel.Level < _minInputLevel)
            {
                //below the minimum input level the capture helper is used, otherwise the store helper
                var functionName = _securityLevel.Level < _minInputLevel ? FunctionNames.CaptureOutput : FunctionNames.StoreOutput;
                //construct a new call to the capture/store output function
                var name       = new TranslatedQualifiedName(new QualifiedName(new Name(functionName)), new Span());
                var parameters = new List <ActualParam>();
                //first argument: the channel id as an integer literal
                parameters.Add(new ActualParam(new Span(), new LongIntLiteral(new Span(), outputChannel.Id)));
                //second argument (when present): the eval's code operand, which is handed to the helper
                //as a value instead of being evaluated by eval at this point
                if (node.Code != null)
                {
                    parameters.Add(new ActualParam(new Span(), node.Code));
                }

                var signature = new CallSignature(parameters, new Span());
                //let factory create a new DirectFcnCall AST node.
                var storeOutputCall = (DirectFcnCall)_factory.Call(new Span(), name, signature, null);

                //visit the new call
                base.VisitDirectFcnCall(storeOutputCall);
            }

            //add a semicolon between the new call and the following call
            //(visited unconditionally, even when neither call is generated)
            base.VisitEmptyStmt((EmptyStmt)_factory.EmptyStmt(new Span(0, 1)));

            //performing an output to an output channel is only allowed if the current execution has the same security level
            if (_isOriginalProgram || outputChannel.Label.Level == _securityLevel.Level)
            {
                //in the original program nothing further is generated, so only the capture call above remains
                if (!_isOriginalProgram)
                {
                    //construct a new call to the get output function
                    var name       = new TranslatedQualifiedName(new QualifiedName(new Name(FunctionNames.GetOutput)), new Span());
                    var parameters = new List <ActualParam>
                    {
                        new ActualParam(new Span(), new LongIntLiteral(new Span(), outputChannel.Id))
                    };

                    var signature = new CallSignature(parameters, new Span());
                    //let factory create the get-output call and wrap it in a new EvalEx node
                    var readOutputCall = (DirectFcnCall)_factory.Call(new Span(), name, signature, null);
                    var evalExpression = (EvalEx)_factory.Eval(new Span(), readOutputCall);

                    //visit the synthesized eval(get-output(id)) expression, not the original node
                    //NOTE(review): the generated code evaluates whatever the get-output helper returns; that helper
                    //is not visible here - confirm it yields only the value stored for this channel id
                    base.VisitEvalEx(evalExpression);
                }
            }
        }
Example #5
        /// <summary>
        /// Visits expressions such as <c>eval("my_dynamic_code();")</c>. When the policy lists an
        /// output entry named "eval", a new output channel is registered for this occurrence
        /// before the node is handed to the base visitor.
        /// </summary>
        /// <param name="node">The eval expression being visited; its span becomes the channel's location.</param>
        public override void VisitEvalEx(EvalEx node)
        {
            var evalName    = "eval";
            var policyLabel = _policy.Output.FirstOrDefault(entry => entry.Name.Equals(evalName));

            if (policyLabel != null)
            {
                // Each labelled eval occurrence gets its own channel, identified by the running counter.
                OutputChannels.Add(new Channel()
                {
                    Id       = _uniqueId,
                    Label    = policyLabel,
                    Location = new PhpSourceLocation(node.Span)
                });
                _uniqueId++;
            }

            // Traversal continues regardless of whether a channel was registered.
            base.VisitEvalEx(node);
        }
Example #6
 /// <summary>
 /// Default handling of an <c>eval</c> expression: visit its code operand.
 /// </summary>
 /// <param name="x">The eval expression whose <c>Code</c> operand is visited.</param>
 public virtual void VisitEvalEx(EvalEx x)
 {
     // The operand is the expression whose value eval would execute as code.
     var evaluatedCode = x.Code;
     VisitElement(evaluatedCode);
 }
Example #7
 /// <summary>
 /// Serializes an <c>eval</c> expression: opens an element named after the node type,
 /// lets the base visitor process the node, then closes the element.
 /// </summary>
 /// <param name="x">The eval expression to serialize.</param>
 public override void VisitEvalEx(EvalEx x)
 {
     var nodeTypeName   = typeof(EvalEx).Name;
     var serializedSpan = SerializeSpan(x.Span);

     _serializer.StartSerialize(nodeTypeName, serializedSpan);
     // Whatever the base visitor emits is written between the start and end calls.
     base.VisitEvalEx(x);
     _serializer.EndSerialize();
 }
Example #8
        /// <summary>
        /// Creates the program point for an <c>eval</c> expression from the r-value of its code operand.
        /// </summary>
        /// <param name="x">The eval expression being visited.</param>
        public override void VisitEvalEx(EvalEx x)
        {
            // The code operand is resolved as an r-value first; the resulting point feeds the eval point.
            Result(new EvalExPoint(x, CreateRValue(x.Code)));
        }
Example #9
 /// <inheritdoc />
 public override void VisitEvalEx(EvalEx x)
 {
     // No eval-specific handling here: the node itself is handed to RValueResult.
     RValueResult(x);
 }
Example #10
 /// <summary>
 /// Creates the program point representing an <c>eval</c> expression.
 /// </summary>
 /// <param name="eval">The eval expression this point stands for.</param>
 /// <param name="evalCode">Program point that yields the source code to be evaluated.</param>
 internal EvalExPoint(EvalEx eval, ValuePoint evalCode)
     : base(null, null, new[] { evalCode }) // the code point is the only argument point passed to the base
 {
     this.Eval     = eval;
     this.EvalCode = evalCode;
 }
Example #11
 /// <inheritdoc />
 public override void VisitEvalEx(EvalEx x)
 {
     // Visiting the operand leaves its processed form in `result`.
     VisitElement(x.Code);

     // Build a fresh EvalEx at the same position around the processed operand.
     var position      = x.Position;
     var processedCode = (Expression)result;
     result = new EvalEx(position, processedCode, false);
 }