public void ResolveInclude(string phpCode, string[] existingFiles, bool shouldResolve) { var includeResolver = new IncludeResolver(existingFiles.Select(f => new File() { FullPath = f }).ToList()); var ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath); ast.IterateAllNodes(node => { if (node.Name == AstConstants.Node + ":" + AstConstants.Nodes.Expr_Include) { File file; if (includeResolver.TryResolveInclude(node, out file)) { Assert.IsTrue(shouldResolve); } else { Assert.IsFalse(shouldResolve); } } return(true); }); }
public void ProcessBeforeInterior(ITreeNode element) { AppendRemainingMessage(element); if (!(element is IT4IncludeDirective include)) return; var file = (IT4File) element.GetContainingFile().NotNull(); Results.Push(new T4CSharpCodeGenerationIntermediateResult(file, Interrupter)); var sourceFile = IncludeResolver.Resolve(include.ResolvedPath); if (sourceFile == null) { var target = include.GetFirstAttribute(T4DirectiveInfoManager.Include.FileAttribute)?.Value ?? element; var data = T4FailureRawData.FromElement(target, $"Unresolved include: {target.GetText()}"); Interrupter.InterruptAfterProblem(data); Guard.StartProcessing(file.LogicalPsiSourceFile.GetLocation()); return; } if (include.Once && Guard.HasSeenFile(sourceFile.GetLocation())) return; if (!Guard.CanProcess(sourceFile.GetLocation())) { var target = include.GetFirstAttribute(T4DirectiveInfoManager.Include.FileAttribute)?.Value ?? element; var data = T4FailureRawData.FromElement(target, "Recursion in includes"); Interrupter.InterruptAfterProblem(data); Guard.StartProcessing(sourceFile.GetLocation()); return; } var resolved = include.IncludedFile; Guard.StartProcessing(sourceFile.GetLocation()); resolved?.ProcessDescendants(this); }
private CompositeElement ResolveIncludeDirective([NotNull] IT4IncludeDirective directive) { if (LogicalSourceFile == null) { return(null); } var pathWithMacros = directive.ResolvedPath; var path = IncludeResolver?.ResolvePath(pathWithMacros); if (path == null) { return(null); } var includeFile = T4ParsingContextHelper.ExecuteGuarded( path, directive.Once, () => IncludeResolver?.Resolve(pathWithMacros) ); if (includeFile == null) { return(null); } return(BuildIncludedT4Tree(includeFile)); }
private void ParseAndAnalyze(string php, IVulnerabilityStorage storage) { FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings); fh.LoadJsonSpecifications(); var extractedFuncs = PHPParseUtils.ParseAndIterate <ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions; fh.CustomFunctions.AddRange(extractedFuncs); var cfg = PHPParseUtils.ParseAndIterate <CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph; var incResolver = new IncludeResolver(new List <File>()); var fileStack = new Stack <File>(); fileStack.Push(new File() { FullPath = @"C:\TestFile.txt" }); var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack, fh); var funcMock = new Mock <Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> >(); var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver, AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory(), fh); var immutableInitialTaint = new DefaultTaintProvider().GetTaint(); var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint); var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist()); taintAnalysis.Analyze(cfg); }
public override void VisitIncludeDirectiveNode(IT4IncludeDirective includeDirectiveParam) { string suffix = Result.State.ProduceBeforeEof(); if (!string.IsNullOrEmpty(suffix)) AppendTransformation(suffix, Result.State.FirstNode); Guard.TryEndProcessing(IncludeResolver.Resolve(includeDirectiveParam.ResolvedPath).GetLocation()); var intermediateResults = Results.Pop(); Result.Append(intermediateResults); }
public static T SetIncludeResolver <T>(this T context, IncludeResolver includeResolver) where T : IQueryVisitorContext { if (!(context is IQueryVisitorContextWithIncludeResolver includeContext)) { throw new ArgumentException("Context must be of type IQueryVisitorContextWithIncludeResolver", nameof(context)); } includeContext.IncludeResolver = includeResolver; return(context); }
public static T SetIncludeResolver <T>(this T context, IncludeResolver includeResolver) where T : IQueryVisitorContext { var aliasContext = context as IQueryVisitorContextWithIncludeResolver; if (aliasContext == null) { throw new ArgumentException("Context must be of type IQueryVisitorContextWithIncludeResolver", nameof(context)); } aliasContext.IncludeResolver = includeResolver; return(context); }
protected void Include() { Match("INCLUDE"); GetString(); string module = Current; if (IncludeResolver == null) { throw new Exception("Tried to Include without resolver set"); } readers.Push(new Reader(module, IncludeResolver.GetSourceCode(module))); Program(); readers.Pop(); Scan(); }
private void AssertNoOfVulnsInMultipleCodeFiles(Tuple <string, string>[] codeFiles, int numberOfVulns) { FunctionsHandler fh = new FunctionsHandler(Config.FuncSpecSettings); fh.LoadJsonSpecifications(); var vulnStorage = new Mock <IVulnerabilityStorage>(); var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath)) { FullPath = code.Item1, CFG = PHPParseUtils.ParseAndIterate <CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph }).ToArray(); Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null; fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) => { Preconditions.NotNull(varStorage, "varStorage"); Preconditions.NotNull(inclResolver, "inclResolver"); var fileToAnalyze = stacks.IncludeStack.Peek(); var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver, scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory(), fh); var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, fh); var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage); var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG)); analyzer.Analyze(fileToAnalyze.CFG); return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]); }; foreach (var file in parsedFiles) { var inclusionResolver = new IncludeResolver(parsedFiles); var fileStack = new Stack <File>(); fileStack.Push(file); var immutableInitialTaint = new DefaultTaintProvider().GetTaint(); var stacks = new AnalysisStacks(fileStack); fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks); } vulnStorage.Verify(x => x.AddVulnerability(It.IsAny <IVulnerabilityInfo>()), Times.Exactly(numberOfVulns)); }
private void ProcessInclude([NotNull] IT4IncludeDirective include) { var sourceFile = IncludeResolver.Resolve(include.ResolvedPath); if (sourceFile == null) { ReportUnresolvedPath(include); return; } if (!Guard.CanProcess(sourceFile.GetLocation())) { return; } if (include.Once && Guard.HasSeenFile(sourceFile.GetLocation())) { ReportRedundantInclude(include); } }
protected override T4IncludeData Build(IT4File file) { if (file.PhysicalPsiSourceFile?.IsBeingIndirectlyUpdated() == true) { // Since the contents of this file did not change, // the list of its direct includes did not change either, // so there's no point in doing anything here return(null); } return(new T4IncludeData(file .GetThisAndChildrenOfType <IT4IncludeDirective>() .Where(directive => directive.IsVisibleInDocument()) .Select(directive => IncludeResolver.ResolvePath(directive.ResolvedPath)) .Where(path => !path.IsEmpty) .Distinct() .ToList() )); }
private static CompilerOptions CreateCompilerOptions(CommandLine commandLine) { List <string> references = new List <string>(); List <IStreamSource> sources = new List <IStreamSource>(); List <IStreamSource> resources = new List <IStreamSource>(); List <string> defines = new List <string>(); List <string> scripts = new List <string>(); bool debug = false; bool includeTests = false; bool minimize = true; IStreamSource scriptFile = null; IStreamSourceResolver includeResolver = null; foreach (string fileName in commandLine.Arguments) { // TODO: This is a hack... something in the .net 4 build system causes // generation of an AssemblyAttributes.cs file with fully-qualified // type names, that we can't handle (this comes from multitargeting), // and there doesn't seem like a way to turn it off. if (fileName.EndsWith(".AssemblyAttributes.cs", StringComparison.OrdinalIgnoreCase)) { continue; } sources.Add(new FileInputStreamSource(fileName)); } object referencesObject = commandLine.Options["ref"]; if (referencesObject is string) { references.Add((string)referencesObject); } else if (referencesObject is ArrayList) { ArrayList referenceList = (ArrayList)referencesObject; foreach (string reference in referenceList) { // TODO: This is a hack... something in the .net 4 build system causes // System.Core.dll to get included [sometimes]. // That shouldn't happen... so filter it out here. if (reference.EndsWith("System.Core.dll", StringComparison.OrdinalIgnoreCase)) { continue; } references.Add(reference); } } object resourcesObject = commandLine.Options["res"]; if (resourcesObject is string) { resources.Add(new FileInputStreamSource((string)resourcesObject)); } else if (resourcesObject is ArrayList) { ArrayList resourceList = (ArrayList)resourcesObject; foreach (string resource in resourceList) { resources.Add(new FileInputStreamSource(resource)); } } object definesObject = commandLine.Options["D"]; if (definesObject is string) { defines.Add((string)definesObject); } else if (definesObject is ArrayList) { ArrayList definesList = (ArrayList)definesObject; foreach (string definedVariable in definesList) { defines.Add(definedVariable); } } string scriptFilePath = null; if (commandLine.Options.Contains("out")) { scriptFilePath = (string)commandLine.Options["out"]; if (scriptFilePath.IndexOfAny(Path.GetInvalidPathChars()) < 0) { scriptFile = new FileOutputStreamSource(scriptFilePath); } } debug = commandLine.Options.Contains("debug"); if (debug && !defines.Contains("DEBUG")) { defines.Add("DEBUG"); } includeTests = commandLine.Options.Contains("tests"); minimize = commandLine.Options.Contains("minimize"); if (commandLine.Options.Contains("inc")) { string basePath = (string)commandLine.Options["inc"]; includeResolver = new IncludeResolver(basePath); } CompilerOptions compilerOptions = new CompilerOptions(); compilerOptions.IncludeTests = includeTests; compilerOptions.Defines = defines; compilerOptions.Minimize = minimize; compilerOptions.References = references; compilerOptions.Sources = sources; compilerOptions.Resources = resources; compilerOptions.ScriptFile = scriptFile; compilerOptions.IncludeResolver = includeResolver; compilerOptions.InternalTestMode = commandLine.Options.Contains("test"); if (compilerOptions.InternalTestMode) { compilerOptions.InternalTestType = (string)commandLine.Options["test"]; } return(compilerOptions); }
public static T IncludeResolver <T>(this T options, IncludeResolver includeResolver) where T : ICommandOptions { options.Values.Set(IncludeResolverKey, includeResolver); return(options); }
private static void Analyze(Arguments arguments, Config configuration) { Console.WriteLine("Parsing project at: " + arguments.Target); Console.WriteLine(); foreach (var analysisStartingListener in _components.AnalysisStartingListeners) { // TODO - This should probably be a proper event - same goes for EndingEvent (this will also remove the loop(s)). analysisStartingListener.AnalysisStarting(null, new AnalysisStartingEventArgs(configuration, arguments)); } var stopwatch = Stopwatch.StartNew(); Console.WriteLine("Building ASTs.."); ParseResult parseResult = ParseTarget(arguments, configuration); Console.WriteLine(" - AST build for {0} files ({1} failed)..", parseResult.ParsedFiles.Count, parseResult.FilesThatFailedToParse.Count); Console.WriteLine("Traversing ASTs.."); var filesCollection = new List <File>(); var runningVulnReporter = new CompositeVulneribilityReporter(_components.VulnerabilityReporters); var vulnerabilityStorage = new ReportingVulnerabilityStorage(runningVulnReporter, _funcHandler); var progrssIndicator = ProgressIndicatorFactory.CreateProgressIndicator(parseResult.ParsedFiles.Count()); foreach (var parsedFile in parseResult.ParsedFiles) { progrssIndicator.Step(); var file = BuildFileCFGAndExtractFileInformation(parsedFile); filesCollection.Add(file); } var subroutineAnalyzerFactory = new FunctionAndMethodAnalyzerFactory { UseSummaries = arguments.UseFunctionSummaries }; Func <ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null; fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) => { Preconditions.NotNull(varStorage, "varStorage"); Preconditions.NotNull(inclResolver, "inclResolver"); var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, inclResolver, scope, fileTaintAnalyzer, stacks, subroutineAnalyzerFactory, _funcHandler); blockAnalyzer.AnalysisExtensions.AddRange(_components.BlockAnalyzers); var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack, _funcHandler); var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, varStorage); var fileToAnalyze = stacks.IncludeStack.Peek(); var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG)); //var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist()); analyzer.Analyze(fileToAnalyze.CFG); return(cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal]); }; foreach (var file in filesCollection) { Console.WriteLine(Environment.NewLine + "============================="); Console.WriteLine("Analyzing {0}..", file.FullPath); var initialTaint = GetDefaultTaint(); var inclusionResolver = new IncludeResolver(filesCollection); var stacks = new AnalysisStacks(file); fileTaintAnalyzer(initialTaint, inclusionResolver, AnalysisScope.File, stacks); } Console.WriteLine("Scanned {0}/{1} subroutines. ", _funcHandler.ScannedFunctions.Count, _funcHandler.CustomFunctions.Count, _funcHandler); if (arguments.ScanAllSubroutines) { Console.WriteLine("Scanning remaining subroutines.."); ScanUnscannedSubroutines(filesCollection, fileTaintAnalyzer, subroutineAnalyzerFactory, vulnerabilityStorage); } vulnerabilityStorage.CheckForStoredVulnerabilities(); //parseResult.ParsedFiles.Values.First().Save(@"C:\Users\Kenneth\Documents\Uni\TestScript\current\parsedFile"); stopwatch.Stop(); foreach (var analysisEndedListener in _components.AnalysisEndedListeners) { analysisEndedListener.AnalysisEnding(null, new AnalysisEndedEventArgs(stopwatch.Elapsed)); } Console.WriteLine("Time spent: " + stopwatch.Elapsed); Console.WriteLine("Found {0} vulnerabilities.", runningVulnReporter.NumberOfReportedVulnerabilities); }
public static Task <IQueryNode> RunAsync(IQueryNode node, IncludeResolver includeResolver, IQueryVisitorContextWithIncludeResolver context = null, ShouldSkipIncludeFunc shouldSkipInclude = null) { return(new IncludeVisitor(shouldSkipInclude).AcceptAsync(node, context ?? new QueryVisitorContextWithIncludeResolver { IncludeResolver = includeResolver })); }
public static IQueryNode Run(IQueryNode node, IncludeResolver includeResolver, IQueryVisitorContextWithIncludeResolver context = null, ShouldSkipIncludeFunc shouldSkipInclude = null) { return(RunAsync(node, includeResolver, context, shouldSkipInclude).GetAwaiter().GetResult()); }
public ElasticQueryParserConfiguration UseIncludes(IncludeResolver includeResolver, ShouldSkipIncludeFunc shouldSkipInclude = null, int priority = 0) { IncludeResolver = includeResolver; return(AddVisitor(new IncludeVisitor(shouldSkipInclude), priority)); }