public void RegisterFunctionsHandler(FunctionsHandler functionsHandler) { foreach (var vulnerabilityReporter in _reporters) { vulnerabilityReporter.RegisterFunctionsHandler(functionsHandler); } }
private void ParseAndAnalyze(string php, IVulnerabilityStorage storage) { FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings); fh.LoadJsonSpecifications(); var extractedFuncs = PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions; fh.CustomFunctions.AddRange(extractedFuncs); var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph; var incResolver = new IncludeResolver(new List <File>()); var fileStack = new Stack <File>(); fileStack.Push(new File() { FullPath = @"C:\TestFile.txt" }); var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack, fh); var funcMock = new Mock <Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> >(); var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver, AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory(), fh); var immutableInitialTaint = new DefaultTaintProvider().GetTaint(); var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint); var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist()); taintAnalysis.Analyze(cfg); }
public ConditionTaintAnalyser(AnalysisScope scope, IIncludeResolver inclusionResolver, Stack <File> includeStack, FunctionsHandler fh) { this._analysisScope = scope; this.includeResolver = inclusionResolver; this._includeStack = includeStack; this._funcHandler = fh; }
public CustomFunctionHandler(Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileAnalyzer, FunctionAndMethodAnalyzerFactory subroutineAnalyzerFactory, FunctionsHandler fh) { this.AnalysisExtensions = new List <IBlockAnalyzerComponent>(); this.fileAnalyzer = fileAnalyzer; this.subroutineAnalyzerFactory = subroutineAnalyzerFactory; this._funcHandler = fh; }
public ReportingVulnerabilityStorage(IVulnerabilityReporter reporter, FunctionsHandler functionsHandler) { Preconditions.NotNull(reporter, "reporter"); Preconditions.NotNull(functionsHandler, "functionsHandler"); this.reporter = reporter; this.reporter.RegisterFunctionsHandler(functionsHandler); }
public RunTime(iRunLog log, Dictionary <string, string> parameters) { Log = log; Parameters = parameters; InitKeyword(); var handler = new FunctionsHandler(log, Parameters); innerFuns = new ParamsTransformHandler(handler, log, Parameters); }
public FunctionAndMethodAnalyzer(ImmutableVariableStorage variableStorage, IIncludeResolver incResolver, AnalysisStacks stacks, CustomFunctionHandler customFuncHandler, IVulnerabilityStorage vulnerabilityStorage, FunctionsHandler fh) { this._varStorage = variableStorage; this._incResolver = incResolver; this._stacks = stacks; this._customFunctionHandler = customFuncHandler; this._vulnerabilityStorage = vulnerabilityStorage; this._funcHandler = fh; }
static void Main(string[] args) { Arguments arguments = ParseArguments(args); Config configuration = GetConfiguration(arguments.ConfigLocation); _funcHandler = new FunctionsHandler(configuration.FuncSpecSettings); _funcHandler.LoadJsonSpecifications(); _components = ImportExternalComponents(configuration.ComponentSettings); Analyze(arguments, configuration); }
private void AssertNoOfVulnsInMultipleCodeFiles(Tuple <string, string>[] codeFiles, int numberOfVulns) { FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings); fh.LoadJsonSpecifications(); var vulnStorage = new Mock <IVulnerabilityStorage>(); var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath)) { FullPath = code.Item1, CFG = PHPParseUtils.ParseAndIterate <CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph }).ToArray(); Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null; fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) => { Preconditions.NotNull(varStorage, "varStorage"); Preconditions.NotNull(inclResolver, "inclResolver"); var fileToAnalyze = stacks.IncludeStack.Peek(); var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver, scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory(), fh); var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, fh); var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage); var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG)); analyzer.Analyze(fileToAnalyze.CFG); return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]); }; foreach (var file in parsedFiles) { var inclusionResolver = new IncludeResolver(parsedFiles); var fileStack = new Stack <File>(); fileStack.Push(file); var immutableInitialTaint = new DefaultTaintProvider().GetTaint(); var stacks = new AnalysisStacks(fileStack); fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks); } vulnStorage.Verify(x => x.AddVulnerability(It.IsAny <IVulnerabilityInfo>()), Times.Exactly(numberOfVulns)); }
public FunctionAndMethodAnalyzer Create(ImmutableVariableStorage variableStorage, IIncludeResolver incResolver, AnalysisStacks stacks, CustomFunctionHandler customFuncHandler, IVulnerabilityStorage vulnerabilityStorage, FunctionsHandler fh) { return(new FunctionAndMethodAnalyzer(variableStorage, incResolver, stacks, customFuncHandler, vulnerabilityStorage, fh) { UseSummaries = this.UseSummaries }); }
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler) { _funcHandler = functionsHandler; _dbFileWriter.RegisterFunctionsHandler(functionsHandler); }
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler) { // No need for a functionsHandler here }
public ConsoleVulnerabilityReporter(FunctionsHandler fh) { this._funcHandler = fh; }
public void RegisterFunctionsHandler(FunctionsHandler functionsHandler) { _funcHandler = functionsHandler; }