private void ParseAndAnalyze(string php, IVulnerabilityStorage storage)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var extractedFuncs = PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions;
fh.CustomFunctions.AddRange(extractedFuncs);
var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph;
var incResolver = new IncludeResolver(new List <File>());
var fileStack = new Stack <File>();
fileStack.Push(new File()
{
FullPath = @"C:\TestFile.txt"
});
var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack, fh);
var funcMock = new Mock <Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> >();
var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver,
AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory(), fh);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint);
var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
taintAnalysis.Analyze(cfg);
}
public void ResolveInclude(string phpCode, string[] existingFiles, bool shouldResolve)
{
var includeResolver = new IncludeResolver(existingFiles.Select(f => new File()
{
FullPath = f
}).ToList());
var ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath);
ast.IterateAllNodes(node =>
{
if (node.Name == AstConstants.Node + ":" + AstConstants.Nodes.Expr_Include)
{
File file;
if (includeResolver.TryResolveInclude(node, out file))
{
Assert.IsTrue(shouldResolve);
}
else
{
Assert.IsFalse(shouldResolve);
}
}
return(true);
});
}
public void ResolveMultipleArrayElements(string phpCode)
{
XmlNode ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath).FirstChild.NextSibling;
var xmlNodes = ast.FirstChild.Cast <XmlNode>().ToList();
var varNodes = xmlNodes.Where(node => node.LocalName == AstConstants.Nodes.Expr_ArrayDimFetch);
var varResolver = new VariableResolver(new VariableStorage(), AnalysisScope.File);
var firstVar = varNodes.First();
var result = varResolver.ResolveVariable(firstVar);
result = varResolver.ResolveVariable(firstVar);
Assert.IsFalse(result.IsNew, "Var");
result = varResolver.ResolveVariable(varNodes.ElementAt(1));
Assert.IsTrue(result.IsNew, "First lookup of second var");
}
private void AssertNoOfVulnsInMultipleCodeFiles(Tuple <string, string>[] codeFiles, int numberOfVulns)
{
FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings);
fh.LoadJsonSpecifications();
var vulnStorage = new Mock <IVulnerabilityStorage>();
var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath))
{
FullPath = code.Item1,
CFG = PHPParseUtils.ParseAndIterate <CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph
}).ToArray();
Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null;
fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
{
Preconditions.NotNull(varStorage, "varStorage");
Preconditions.NotNull(inclResolver, "inclResolver");
var fileToAnalyze = stacks.IncludeStack.Peek();
var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver,
scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory(), fh);
var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, fh);
var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
analyzer.Analyze(fileToAnalyze.CFG);
return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]);
};
foreach (var file in parsedFiles)
{
var inclusionResolver = new IncludeResolver(parsedFiles);
var fileStack = new Stack <File>();
fileStack.Push(file);
var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
var stacks = new AnalysisStacks(fileStack);
fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks);
}
vulnStorage.Verify(x => x.AddVulnerability(It.IsAny <IVulnerabilityInfo>()), Times.Exactly(numberOfVulns));
}
public void ResolveArrayElement(string phpCode, string varName)
{
XmlNode ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath).FirstChild.NextSibling;
var xmlNodes = ast.FirstChild.Cast <XmlNode>().ToList();
var varNodes = xmlNodes.Where(node => node.LocalName == AstConstants.Nodes.Expr_ArrayDimFetch);
var varResolver = new VariableResolver(new VariableStorage(), AnalysisScope.File);
foreach (var varNode in varNodes)
{
var result = varResolver.ResolveVariable(varNode);
Assert.AreEqual(varName, result.Variable.Name, "Names should match");
Assert.IsTrue(result.IsNew, "Variable should be new");
result = varResolver.ResolveVariable(varNode);
Assert.AreEqual(varName, result.Variable.Name, "Names should still match");
Assert.IsFalse(result.IsNew, "Variable is no longer new");
}
}
public void ResolveStaticPropertyFetch(string phpCode, string expectedVarName, string nodeType)
{
XmlNode ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath).FirstChild.NextSibling;
var xmlNodes = ast.FirstChild.Cast <XmlNode>()
.Where(node => node.LocalName == nodeType);
var propFetch = xmlNodes.First();
var varResolver = new VariableResolver(new VariableStorage(), AnalysisScope.File);
var result = varResolver.ResolveVariable(propFetch);
Assert.AreEqual(expectedVarName, result.Variable.Name, "Name should match");
Assert.IsTrue(result.IsNew, "New var");
result = varResolver.ResolveVariable(propFetch);
Assert.AreEqual(expectedVarName, result.Variable.Name, "Names should still match");
Assert.IsFalse(result.IsNew, "Variable is no longer new");
}
public void ResolveArrayElementMixIndexType()
{
string phpCode = @"<?php $a['1']; $a[1];";
XmlNode ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath).FirstChild.NextSibling;
var xmlNodes = ast.FirstChild.Cast <XmlNode>().ToList();
var varNodes = xmlNodes.Where(node => node.LocalName == AstConstants.Nodes.Expr_ArrayDimFetch);
var varResolver = new VariableResolver(new VariableStorage(), AnalysisScope.File);
var arrayfetch = varNodes.First();
var result = varResolver.ResolveVariable(arrayfetch);
Assert.AreEqual("1", result.Variable.Name, "Names should match");
Assert.IsTrue(result.IsNew, "Variable should be new");
result = varResolver.ResolveVariable(varNodes.ElementAt(1));
Assert.AreEqual("1", result.Variable.Name, "Names should still match");
Assert.IsFalse(result.IsNew, "Variable is no longer new");
}
public void ReversePostOrderAlgorithm1()
{
string phpCode = @"<?php
$i = 0;
if (true) {
$x;
} else if (true) {
$y;
} else {
$sdf;
}
echo $x;";
var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(phpCode, Config.PHPSettings.PHPParserPath).Graph;
new CFGPruner().Prune(cfg);
//cfg.VisualizeGraph("cfg", Config.GraphSettings);
var postOrder = new ReversePostOrderAlgorithm(cfg).CalculateReversePostOrder();
}
private CFGCreator ParseAndBuildCFG(string php)
{
return(PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath));
}
private XmlNode ParseAndGetAstStatementContent(string php)
{
var ast = PHPParseUtils.ParsePHPCode(php, Config.PHPSettings.PHPParserPath);
return(ast.FirstChild.NextSibling.FirstChild);
}
private ClassAndFunctionExtractor ParseAndExtract(string php)
{
return(PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath));
}