public void RegisterFunctionsHandler(FunctionsHandler functionsHandler)
{
foreach (var vulnerabilityReporter in _reporters)
{
vulnerabilityReporter.RegisterFunctionsHandler(functionsHandler);
}
}
private void ParseAndAnalyze(string php, IVulnerabilityStorage storage)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var extractedFuncs = PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions;
fh.CustomFunctions.AddRange(extractedFuncs);
var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph;
var incResolver = new IncludeResolver(new List <File>());
var fileStack = new Stack <File>();
fileStack.Push(new File()
{
FullPath = @"C:\TestFile.txt"
});
var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack, fh);
var funcMock = new Mock <Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> >();
var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver,
AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory(), fh);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint);
var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
taintAnalysis.Analyze(cfg);
}
public ConditionTaintAnalyser(AnalysisScope scope, IIncludeResolver inclusionResolver, Stack <File> includeStack, FunctionsHandler fh)
{
this._analysisScope = scope;
this.includeResolver = inclusionResolver;
this._includeStack = includeStack;
this._funcHandler = fh;
}
public CustomFunctionHandler(Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileAnalyzer,
FunctionAndMethodAnalyzerFactory subroutineAnalyzerFactory, FunctionsHandler fh)
{
this.AnalysisExtensions = new List <IBlockAnalyzerComponent>();
this.fileAnalyzer = fileAnalyzer;
this.subroutineAnalyzerFactory = subroutineAnalyzerFactory;
this._funcHandler = fh;
}
public ReportingVulnerabilityStorage(IVulnerabilityReporter reporter, FunctionsHandler functionsHandler)
{
Preconditions.NotNull(reporter, "reporter");
Preconditions.NotNull(functionsHandler, "functionsHandler");
this.reporter = reporter;
this.reporter.RegisterFunctionsHandler(functionsHandler);
}
public RunTime(iRunLog log, Dictionary <string, string> parameters)
{
Log = log;
Parameters = parameters;
InitKeyword();
var handler = new FunctionsHandler(log, Parameters);
innerFuns = new ParamsTransformHandler(handler, log, Parameters);
}
public FunctionAndMethodAnalyzer(ImmutableVariableStorage variableStorage, IIncludeResolver incResolver,
AnalysisStacks stacks, CustomFunctionHandler customFuncHandler,
IVulnerabilityStorage vulnerabilityStorage, FunctionsHandler fh)
{
this._varStorage = variableStorage;
this._incResolver = incResolver;
this._stacks = stacks;
this._customFunctionHandler = customFuncHandler;
this._vulnerabilityStorage = vulnerabilityStorage;
this._funcHandler = fh;
}
static void Main(string[] args)
{
Arguments arguments = ParseArguments(args);
Config configuration = GetConfiguration(arguments.ConfigLocation);
_funcHandler = new FunctionsHandler(configuration.FuncSpecSettings);
_funcHandler.LoadJsonSpecifications();
_components = ImportExternalComponents(configuration.ComponentSettings);
Analyze(arguments, configuration);
}
private void AssertNoOfVulnsInMultipleCodeFiles(Tuple <string, string>[] codeFiles, int numberOfVulns)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var vulnStorage = new Mock <IVulnerabilityStorage>();
var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath))
{
FullPath = code.Item1,
CFG = PHPParseUtils.ParseAndIterate <CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph
}).ToArray();
Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null;
fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
{
Preconditions.NotNull(varStorage, "varStorage");
Preconditions.NotNull(inclResolver, "inclResolver");
var fileToAnalyze = stacks.IncludeStack.Peek();
var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver,
scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory(), fh);
var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, fh);
var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
analyzer.Analyze(fileToAnalyze.CFG);
return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]);
};
foreach (var file in parsedFiles)
{
var inclusionResolver = new IncludeResolver(parsedFiles);
var fileStack = new Stack <File>();
fileStack.Push(file);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var stacks = new AnalysisStacks(fileStack);
fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks);
}
vulnStorage.Verify(x => x.AddVulnerability(It.IsAny <IVulnerabilityInfo>()), Times.Exactly(numberOfVulns));
}
public FunctionAndMethodAnalyzer Create(ImmutableVariableStorage variableStorage, IIncludeResolver incResolver,
AnalysisStacks stacks, CustomFunctionHandler customFuncHandler,
IVulnerabilityStorage vulnerabilityStorage, FunctionsHandler fh)
{
return(new FunctionAndMethodAnalyzer(variableStorage, incResolver, stacks, customFuncHandler, vulnerabilityStorage, fh)
{
UseSummaries = this.UseSummaries
});
}
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler)
{
_funcHandler = functionsHandler;
_dbFileWriter.RegisterFunctionsHandler(functionsHandler);
}
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler)
{
// No need for a functionsHandler here
}
public ConsoleVulnerabilityReporter(FunctionsHandler fh)
{
this._funcHandler = fh;
}
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler)
{
_funcHandler = functionsHandler;
}
