/// <summary>
/// Widens given values
/// </summary>
/// <param name="values">input values</param>
/// <param name="Context">Snapshot</param>
/// <returns>Memory entry with widen values</returns>
public MemoryEntry Widen(IEnumerable <Value> values, SnapshotBase Context)
{
flags = FlagsHandler.GetFlags(values);
foreach (var value in values)
{
value.Accept(this);
}
return(GetResult(Context));
}
/// <inheritdoc />
public override void Eval(FlowController flow, MemoryEntry code)
{
var flags = FlagsHandler.GetFlags(code.PossibleValues);
if (flags.isDirty(FlagType.FilePathDirty) || flags.isDirty(FlagType.SQLDirty) || flags.isDirty(FlagType.FilePathDirty))
{
AnalysisWarningHandler.SetWarning(flow.OutSet, new AnalysisSecurityWarning(flow.CurrentScript.FullName, "Eval shoudn't contain anything from user input", flow.CurrentPartial, flow.CurrentProgramPoint, FlagType.HTMLDirty));
}
double evalDepth = 0;
var maxValue = new MaxValueVisitor(flow.OutSet);
evalDepth = maxValue.Evaluate(flow.OutSet.GetControlVariable(FunctionResolver.evalDepth).ReadMemory(flow.OutSet.Snapshot));
if (evalDepth > 3)
{
AnalysisWarningHandler.SetWarning(flow.OutSet, new AnalysisWarning(flow.CurrentScript.FullName, @"Eval cannot be called in ""eval recursion"" more than 3 times", flow.CurrentPartial, flow.CurrentProgramPoint, AnalysisWarningCause.TOO_DEEP_EVAL_RECURSION));
return;
}
StringConverter converter = new StringConverter();
converter.SetContext(flow);
bool isAllwasConcrete = true;
var codes = new HashSet <string>();
foreach (StringValue possibleFile in converter.Evaluate(code, out isAllwasConcrete))
{
codes.Add(string.Format("<? {0}; ?>", possibleFile.Value));
}
if (isAllwasConcrete == false)
{
AnalysisWarningHandler.SetWarning(flow.OutSet, new AnalysisWarning(flow.CurrentScript.FullName, "Couldn't resolve all possible evals", flow.CurrentPartial, flow.CurrentProgramPoint, AnalysisWarningCause.COULDNT_RESOLVE_ALL_EVALS));
}
foreach (var branchKey in flow.ExtensionKeys)
{
if (branchKey is string)
{
if (!codes.Remove(branchKey as string))
{
//this eval is now not resolved as possible eval branch
flow.RemoveExtension(branchKey);
}
}
}
int numberOfWarnings = 0;
foreach (var sourceCode in codes)
{
try
{
var cfg = ControlFlowGraph.ControlFlowGraph.FromSource(sourceCode, flow.CurrentScript.FullName);
var ppGraph = ProgramPointGraph.FromSource(cfg);
flow.AddExtension(sourceCode, ppGraph, ExtensionType.ParallelEval);
}
catch (ControlFlowGraph.ControlFlowException)
{
numberOfWarnings++;
AnalysisWarningHandler.SetWarning(flow.OutSet, new AnalysisWarning(flow.CurrentScript.FullName, "Control flow graph creation error", flow.CurrentPartial, flow.CurrentProgramPoint, AnalysisWarningCause.CFG_EXCEPTION_IN_INCLUDE_OR_EVAL));
}
catch (Parsers.ParserException)
{
numberOfWarnings++;
AnalysisWarningHandler.SetWarning(flow.OutSet, new AnalysisWarning(flow.CurrentScript.FullName, "Parser error", flow.CurrentPartial, flow.CurrentProgramPoint, AnalysisWarningCause.PARSER_EXCEPTION_IN_INCLUDE_OR_EVAL));
}
}
if (numberOfWarnings > 0)
{
if (numberOfWarnings == codes.Count && isAllwasConcrete == true)
{
fatalError(flow, true);
}
else
{
fatalError(flow, false);
}
}
}