public void ResolveInclude(string phpCode, string[] existingFiles, bool shouldResolve)
{
var includeResolver = new IncludeResolver(existingFiles.Select(f => new File()
{
FullPath = f
}).ToList());
var ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath);
ast.IterateAllNodes(node =>
{
if (node.Name == AstConstants.Node + ":" + AstConstants.Nodes.Expr_Include)
{
File file;
if (includeResolver.TryResolveInclude(node, out file))
{
Assert.IsTrue(shouldResolve);
}
else
{
Assert.IsFalse(shouldResolve);
}
}
return(true);
});
}
public void ProcessBeforeInterior(ITreeNode element)
{
AppendRemainingMessage(element);
if (!(element is IT4IncludeDirective include)) return;
var file = (IT4File) element.GetContainingFile().NotNull();
Results.Push(new T4CSharpCodeGenerationIntermediateResult(file, Interrupter));
var sourceFile = IncludeResolver.Resolve(include.ResolvedPath);
if (sourceFile == null)
{
var target = include.GetFirstAttribute(T4DirectiveInfoManager.Include.FileAttribute)?.Value ?? element;
var data = T4FailureRawData.FromElement(target, $"Unresolved include: {target.GetText()}");
Interrupter.InterruptAfterProblem(data);
Guard.StartProcessing(file.LogicalPsiSourceFile.GetLocation());
return;
}
if (include.Once && Guard.HasSeenFile(sourceFile.GetLocation())) return;
if (!Guard.CanProcess(sourceFile.GetLocation()))
{
var target = include.GetFirstAttribute(T4DirectiveInfoManager.Include.FileAttribute)?.Value ?? element;
var data = T4FailureRawData.FromElement(target, "Recursion in includes");
Interrupter.InterruptAfterProblem(data);
Guard.StartProcessing(sourceFile.GetLocation());
return;
}
var resolved = include.IncludedFile;
Guard.StartProcessing(sourceFile.GetLocation());
resolved?.ProcessDescendants(this);
}
private CompositeElement ResolveIncludeDirective([NotNull] IT4IncludeDirective directive)
{
if (LogicalSourceFile == null)
{
return(null);
}
var pathWithMacros = directive.ResolvedPath;
var path = IncludeResolver?.ResolvePath(pathWithMacros);
if (path == null)
{
return(null);
}
var includeFile = T4ParsingContextHelper.ExecuteGuarded(
path,
directive.Once,
() => IncludeResolver?.Resolve(pathWithMacros)
);
if (includeFile == null)
{
return(null);
}
return(BuildIncludedT4Tree(includeFile));
}
private void ParseAndAnalyze(string php, IVulnerabilityStorage storage)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var extractedFuncs = PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions;
fh.CustomFunctions.AddRange(extractedFuncs);
var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph;
var incResolver = new IncludeResolver(new List <File>());
var fileStack = new Stack <File>();
fileStack.Push(new File()
{
FullPath = @"C:\TestFile.txt"
});
var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack, fh);
var funcMock = new Mock <Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> >();
var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver,
AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory(), fh);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint);
var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
taintAnalysis.Analyze(cfg);
}
public override void VisitIncludeDirectiveNode(IT4IncludeDirective includeDirectiveParam)
{
string suffix = Result.State.ProduceBeforeEof();
if (!string.IsNullOrEmpty(suffix)) AppendTransformation(suffix, Result.State.FirstNode);
Guard.TryEndProcessing(IncludeResolver.Resolve(includeDirectiveParam.ResolvedPath).GetLocation());
var intermediateResults = Results.Pop();
Result.Append(intermediateResults);
}
public static T SetIncludeResolver <T>(this T context, IncludeResolver includeResolver) where T : IQueryVisitorContext
{
if (!(context is IQueryVisitorContextWithIncludeResolver includeContext))
{
throw new ArgumentException("Context must be of type IQueryVisitorContextWithIncludeResolver", nameof(context));
}
includeContext.IncludeResolver = includeResolver;
return(context);
}
public static T SetIncludeResolver <T>(this T context, IncludeResolver includeResolver) where T : IQueryVisitorContext
{
var aliasContext = context as IQueryVisitorContextWithIncludeResolver;
if (aliasContext == null)
{
throw new ArgumentException("Context must be of type IQueryVisitorContextWithIncludeResolver", nameof(context));
}
aliasContext.IncludeResolver = includeResolver;
return(context);
}
protected void Include()
{
Match("INCLUDE");
GetString();
string module = Current;
if (IncludeResolver == null)
{
throw new Exception("Tried to Include without resolver set");
}
readers.Push(new Reader(module, IncludeResolver.GetSourceCode(module)));
Program();
readers.Pop();
Scan();
}
private void AssertNoOfVulnsInMultipleCodeFiles(Tuple <string, string>[] codeFiles, int numberOfVulns)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var vulnStorage = new Mock <IVulnerabilityStorage>();
var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath))
{
FullPath = code.Item1,
CFG = PHPParseUtils.ParseAndIterate <CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph
}).ToArray();
Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null;
fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
{
Preconditions.NotNull(varStorage, "varStorage");
Preconditions.NotNull(inclResolver, "inclResolver");
var fileToAnalyze = stacks.IncludeStack.Peek();
var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver,
scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory(), fh);
var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, fh);
var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
analyzer.Analyze(fileToAnalyze.CFG);
return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]);
};
foreach (var file in parsedFiles)
{
var inclusionResolver = new IncludeResolver(parsedFiles);
var fileStack = new Stack <File>();
fileStack.Push(file);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var stacks = new AnalysisStacks(fileStack);
fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks);
}
vulnStorage.Verify(x => x.AddVulnerability(It.IsAny <IVulnerabilityInfo>()), Times.Exactly(numberOfVulns));
}
private void ProcessInclude([NotNull] IT4IncludeDirective include)
{
var sourceFile = IncludeResolver.Resolve(include.ResolvedPath);
if (sourceFile == null)
{
ReportUnresolvedPath(include);
return;
}
if (!Guard.CanProcess(sourceFile.GetLocation()))
{
return;
}
if (include.Once && Guard.HasSeenFile(sourceFile.GetLocation()))
{
ReportRedundantInclude(include);
}
}
protected override T4IncludeData Build(IT4File file)
{
if (file.PhysicalPsiSourceFile?.IsBeingIndirectlyUpdated() == true)
{
// Since the contents of this file did not change,
// the list of its direct includes did not change either,
// so there's no point in doing anything here
return(null);
}
return(new T4IncludeData(file
.GetThisAndChildrenOfType <IT4IncludeDirective>()
.Where(directive => directive.IsVisibleInDocument())
.Select(directive => IncludeResolver.ResolvePath(directive.ResolvedPath))
.Where(path => !path.IsEmpty)
.Distinct()
.ToList()
));
}
private static CompilerOptions CreateCompilerOptions(CommandLine commandLine)
{
List <string> references = new List <string>();
List <IStreamSource> sources = new List <IStreamSource>();
List <IStreamSource> resources = new List <IStreamSource>();
List <string> defines = new List <string>();
List <string> scripts = new List <string>();
bool debug = false;
bool includeTests = false;
bool minimize = true;
IStreamSource scriptFile = null;
IStreamSourceResolver includeResolver = null;
foreach (string fileName in commandLine.Arguments)
{
// TODO: This is a hack... something in the .net 4 build system causes
// generation of an AssemblyAttributes.cs file with fully-qualified
// type names, that we can't handle (this comes from multitargeting),
// and there doesn't seem like a way to turn it off.
if (fileName.EndsWith(".AssemblyAttributes.cs", StringComparison.OrdinalIgnoreCase))
{
continue;
}
sources.Add(new FileInputStreamSource(fileName));
}
object referencesObject = commandLine.Options["ref"];
if (referencesObject is string)
{
references.Add((string)referencesObject);
}
else if (referencesObject is ArrayList)
{
ArrayList referenceList = (ArrayList)referencesObject;
foreach (string reference in referenceList)
{
// TODO: This is a hack... something in the .net 4 build system causes
// System.Core.dll to get included [sometimes].
// That shouldn't happen... so filter it out here.
if (reference.EndsWith("System.Core.dll", StringComparison.OrdinalIgnoreCase))
{
continue;
}
references.Add(reference);
}
}
object resourcesObject = commandLine.Options["res"];
if (resourcesObject is string)
{
resources.Add(new FileInputStreamSource((string)resourcesObject));
}
else if (resourcesObject is ArrayList)
{
ArrayList resourceList = (ArrayList)resourcesObject;
foreach (string resource in resourceList)
{
resources.Add(new FileInputStreamSource(resource));
}
}
object definesObject = commandLine.Options["D"];
if (definesObject is string)
{
defines.Add((string)definesObject);
}
else if (definesObject is ArrayList)
{
ArrayList definesList = (ArrayList)definesObject;
foreach (string definedVariable in definesList)
{
defines.Add(definedVariable);
}
}
string scriptFilePath = null;
if (commandLine.Options.Contains("out"))
{
scriptFilePath = (string)commandLine.Options["out"];
if (scriptFilePath.IndexOfAny(Path.GetInvalidPathChars()) < 0)
{
scriptFile = new FileOutputStreamSource(scriptFilePath);
}
}
debug = commandLine.Options.Contains("debug");
if (debug && !defines.Contains("DEBUG"))
{
defines.Add("DEBUG");
}
includeTests = commandLine.Options.Contains("tests");
minimize = commandLine.Options.Contains("minimize");
if (commandLine.Options.Contains("inc"))
{
string basePath = (string)commandLine.Options["inc"];
includeResolver = new IncludeResolver(basePath);
}
CompilerOptions compilerOptions = new CompilerOptions();
compilerOptions.IncludeTests = includeTests;
compilerOptions.Defines = defines;
compilerOptions.Minimize = minimize;
compilerOptions.References = references;
compilerOptions.Sources = sources;
compilerOptions.Resources = resources;
compilerOptions.ScriptFile = scriptFile;
compilerOptions.IncludeResolver = includeResolver;
compilerOptions.InternalTestMode = commandLine.Options.Contains("test");
if (compilerOptions.InternalTestMode)
{
compilerOptions.InternalTestType = (string)commandLine.Options["test"];
}
return(compilerOptions);
}
public static T IncludeResolver <T>(this T options, IncludeResolver includeResolver) where T : ICommandOptions
{
options.Values.Set(IncludeResolverKey, includeResolver);
return(options);
}
private static void Analyze(Arguments arguments, Config configuration)
{
Console.WriteLine("Parsing project at: " + arguments.Target);
Console.WriteLine();
foreach (var analysisStartingListener in _components.AnalysisStartingListeners)
{
// TODO - This should probably be a proper event - same goes for EndingEvent (this will also remove the loop(s)).
analysisStartingListener.AnalysisStarting(null, new AnalysisStartingEventArgs(configuration, arguments));
}
var stopwatch = Stopwatch.StartNew();
Console.WriteLine("Building ASTs..");
ParseResult parseResult = ParseTarget(arguments, configuration);
Console.WriteLine(" - AST build for {0} files ({1} failed)..", parseResult.ParsedFiles.Count, parseResult.FilesThatFailedToParse.Count);
Console.WriteLine("Traversing ASTs..");
var filesCollection = new List <File>();
var runningVulnReporter = new CompositeVulneribilityReporter(_components.VulnerabilityReporters);
var vulnerabilityStorage = new ReportingVulnerabilityStorage(runningVulnReporter, _funcHandler);
var progrssIndicator = ProgressIndicatorFactory.CreateProgressIndicator(parseResult.ParsedFiles.Count());
foreach (var parsedFile in parseResult.ParsedFiles)
{
progrssIndicator.Step();
var file = BuildFileCFGAndExtractFileInformation(parsedFile);
filesCollection.Add(file);
}
var subroutineAnalyzerFactory = new FunctionAndMethodAnalyzerFactory {
UseSummaries = arguments.UseFunctionSummaries
};
Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks,
ImmutableVariableStorage> fileTaintAnalyzer = null;
fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
{
Preconditions.NotNull(varStorage, "varStorage");
Preconditions.NotNull(inclResolver, "inclResolver");
var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, inclResolver, scope, fileTaintAnalyzer, stacks, subroutineAnalyzerFactory, _funcHandler);
blockAnalyzer.AnalysisExtensions.AddRange(_components.BlockAnalyzers);
var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, _funcHandler);
var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
var fileToAnalyze = stacks.IncludeStack.Peek();
var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
//var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
analyzer.Analyze(fileToAnalyze.CFG);
return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]);
};
foreach (var file in filesCollection)
{
Console.WriteLine(Environment.NewLine + "=============================");
Console.WriteLine("Analyzing {0}..", file.FullPath);
var initialTaint = GetDefaultTaint();
var inclusionResolver = new IncludeResolver(filesCollection);
var stacks = new AnalysisStacks(file);
fileTaintAnalyzer(initialTaint, inclusionResolver, AnalysisScope.File, stacks);
}
Console.WriteLine("Scanned {0}/{1} subroutines. ", _funcHandler.ScannedFunctions.Count, _funcHandler.CustomFunctions.Count, _funcHandler);
if (arguments.ScanAllSubroutines)
{
Console.WriteLine("Scanning remaining subroutines..");
ScanUnscannedSubroutines(filesCollection, fileTaintAnalyzer, subroutineAnalyzerFactory, vulnerabilityStorage);
}
vulnerabilityStorage.CheckForStoredVulnerabilities();
//parseResult.ParsedFiles.Values.First().Save(@"C:\Users\Kenneth\Documents\Uni\TestScript\current\parsedFile");
stopwatch.Stop();
foreach (var analysisEndedListener in _components.AnalysisEndedListeners)
{
analysisEndedListener.AnalysisEnding(null, new AnalysisEndedEventArgs(stopwatch.Elapsed));
}
Console.WriteLine("Time spent: " + stopwatch.Elapsed);
Console.WriteLine("Found {0} vulnerabilities.", runningVulnReporter.NumberOfReportedVulnerabilities);
}
public static Task <IQueryNode> RunAsync(IQueryNode node, IncludeResolver includeResolver, IQueryVisitorContextWithIncludeResolver context = null, ShouldSkipIncludeFunc shouldSkipInclude = null)
{
return(new IncludeVisitor(shouldSkipInclude).AcceptAsync(node, context ?? new QueryVisitorContextWithIncludeResolver {
IncludeResolver = includeResolver
}));
}
public static IQueryNode Run(IQueryNode node, IncludeResolver includeResolver, IQueryVisitorContextWithIncludeResolver context = null, ShouldSkipIncludeFunc shouldSkipInclude = null)
{
return(RunAsync(node, includeResolver, context, shouldSkipInclude).GetAwaiter().GetResult());
}
public ElasticQueryParserConfiguration UseIncludes(IncludeResolver includeResolver, ShouldSkipIncludeFunc shouldSkipInclude = null, int priority = 0)
{
IncludeResolver = includeResolver;
return(AddVisitor(new IncludeVisitor(shouldSkipInclude), priority));
}
