Inheritance: IIncludeResolver
示例#1
0
文件: CTLLTL.cs 项目: jtvn/Eir-CTLLTL
        public void makeModel(BidirectionalGraph<CFGBlock, TaggedEdge<CFGBlock, EdgeTag>> graph, IncludeResolver resolver, string path)
        {
            this.graph = graph;
            this.resolver = resolver;
            var root = graph.Roots ().Single (v => v.IsSpecialBlock);

            BFS (root, this.graph);

            Console.WriteLine("Finished BFS Traversal, generating if sentences...");
            GenerateIf ();

            Console.WriteLine("Writing to file...");
            WriteToFile (path);
        }
示例#2
0
        public void ResolveInclude(string phpCode, string[] existingFiles, bool shouldResolve)
        {
            var includeResolver = new IncludeResolver(existingFiles.Select(f => new File() {FullPath = f}).ToList());

            var ast = PHPParseUtils.ParsePHPCode(phpCode, Config.PHPSettings.PHPParserPath);

            ast.IterateAllNodes(node =>
            {
                if (node.Name == AstConstants.Node + ":" + AstConstants.Nodes.Expr_Include)
                {
                    File file;
                    if (includeResolver.TryResolveInclude(node, out file))
                    {
                        Assert.IsTrue(shouldResolve);
                    }
                    else
                    {
                        Assert.IsFalse(shouldResolve);
                    }
                }
                return true;
            });
        }
示例#3
0
        private static void Analyze(Arguments arguments, Config configuration)
        {
            Console.WriteLine ("Parsing project at: " + arguments.Target);
            Console.WriteLine ();

            var stopwatch = Stopwatch.StartNew ();

            Console.WriteLine ("Building ASTs..");
            ParseResult parseResult = ParseTarget (arguments, configuration);

            Console.WriteLine (" - AST build for " + parseResult.ParsedFiles.Count + " files (" + parseResult.FilesThatFailedToParse.Count + " failed)..");
            Console.WriteLine ("Traversing ASTs..");

            var filesCollection = new List<File> ();

            foreach (var parsedFile in parseResult.ParsedFiles) {
                ExtractFunctions (parsedFile);
            }

            /*Parallel.ForEach(parseResult.ParsedFiles,parsedFile =>
            {
                ExtractFunctions(parsedFile);
            });*/

            var bag = new ConcurrentBag<File> ();
            Parallel.ForEach (parseResult.ParsedFiles, parsedFile => {
                Console.WriteLine ("File: " + parsedFile.Key);

                var file = BuildFileCFGAndExtractFileInformation (parsedFile);
                bag.Add (file);
            });

            filesCollection.AddRange (bag);

            Console.WriteLine ("Creating CTLLTL Model...");
            File mainfile = filesCollection.Find (x => x.Name == arguments.Main);
            IncludeResolver ir = new IncludeResolver (filesCollection);
            var c = new CTLLTL ();
            string p = Path.Combine (arguments.Result, "graph-ctl");
            mainfile.CFG.VisualizeGraph (p, Configuration.GraphSettings);
            c.makeModel ((QuickGraph.BidirectionalGraph<CFGBlock, QuickGraph.TaggedEdge<CFGBlock, EdgeTag>>)mainfile.CFG, ir, Path.Combine (arguments.Result, "model.smv"));
            stopwatch.Stop ();
            Console.WriteLine ("Time spent: " + stopwatch.Elapsed);
        }
示例#4
0
        private void ParseAndAnalyze(string php, IVulnerabilityStorage storage)
        {
            var extractedFuncs = PHPParseUtils.ParseAndIterate<ClassAndFunctionExtractor>(php, Config.PHPSettings.PHPParserPath).Functions;
            FunctionsHandler.Instance.CustomFunctions.AddRange(extractedFuncs);

            var cfg = PHPParseUtils.ParseAndIterate<CFGCreator>(php, Config.PHPSettings.PHPParserPath).Graph;

            var incResolver = new IncludeResolver(new List<File>());
            var fileStack = new Stack<File>();
            fileStack.Push(new File() { FullPath = @"C:\TestFile.txt" });
            var condAnalyser = new ConditionTaintAnalyser(AnalysisScope.File, incResolver, fileStack);

            var funcMock = new Mock<Func<ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage>>();
            var blockAnalyzer = new TaintBlockAnalyzer(storage, incResolver, AnalysisScope.File, funcMock.Object, new AnalysisStacks(fileStack), new FunctionAndMethodAnalyzerFactory());
            var immutableInitialTaint = new DefaultTaintProvider().GetTaint();
            var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, immutableInitialTaint);
            var taintAnalysis = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
            taintAnalysis.Analyze(cfg);
        }
示例#5
0
        private void AssertNoOfVulnsInMultipleCodeFiles(Tuple<string, string>[] codeFiles, int numberOfVulns)
        {
            var vulnStorage = new Mock<IVulnerabilityStorage>();

            var parsedFiles = codeFiles.Select(code => new File(PHPParseUtils.ParsePHPCode(code.Item2, Config.PHPSettings.PHPParserPath)) 
                                                       {
                                                            FullPath = code.Item1,
                                                            CFG =  PHPParseUtils.ParseAndIterate<CFGCreator>(code.Item2, Config.PHPSettings.PHPParserPath).Graph
                                                       }).ToArray();

            Func<ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks, ImmutableVariableStorage> fileTaintAnalyzer = null;
            fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
            {
                Preconditions.NotNull(varStorage, "varStorage");
                Preconditions.NotNull(inclResolver, "inclResolver");
                var fileToAnalyze = stacks.IncludeStack.Peek();
                var blockAnalyzer = new TaintBlockAnalyzer(vulnStorage.Object, inclResolver, scope, fileTaintAnalyzer, stacks, new FunctionAndMethodAnalyzerFactory());
                var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack);
                var cfgTaintAnalysis = new PHPAnalysis.Analysis.CFG.TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
                var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
                
                analyzer.Analyze(fileToAnalyze.CFG);
                return cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal];
            };

            foreach (var file in parsedFiles)
            {
                var inclusionResolver = new IncludeResolver(parsedFiles);
                var fileStack = new Stack<File>();
                fileStack.Push(file);
                var immutableInitialTaint = new DefaultTaintProvider().GetTaint();

                var stacks = new AnalysisStacks(fileStack);
                fileTaintAnalyzer(immutableInitialTaint, inclusionResolver, AnalysisScope.File, stacks);
            }

            vulnStorage.Verify(x => x.AddVulnerability(It.IsAny<IVulnerabilityInfo>()), Times.Exactly(numberOfVulns));
        }
示例#6
0
        private static void Analyze(Arguments arguments, Config configuration)
        {
            Console.WriteLine("Parsing project at: " + arguments.Target);
            Console.WriteLine();

            foreach (var analysisStartingListener in _components.AnalysisStartingListeners)
            {
                // TODO - This should probably be a proper event - same goes for EndingEvent (this will also remove the loop(s)).
                analysisStartingListener.AnalysisStarting(null, new AnalysisStartingEventArgs(configuration, arguments));
            }

            var stopwatch = Stopwatch.StartNew();

            Console.WriteLine("Building ASTs..");
            ParseResult parseResult = ParseTarget(arguments, configuration);

            Console.WriteLine(" - AST build for {0} files ({1} failed)..", parseResult.ParsedFiles.Count, parseResult.FilesThatFailedToParse.Count);
            Console.WriteLine("Traversing ASTs..");

            var filesCollection = new List<File>();
            var runningVulnReporter = new CompositeVulneribilityReporter(_components.VulnerabilityReporters);
            var vulnerabilityStorage = new ReportingVulnerabilityStorage(runningVulnReporter);

            var progrssIndicator = ProgressIndicatorFactory.CreateProgressIndicator(parseResult.ParsedFiles.Count());
            foreach (var parsedFile in parseResult.ParsedFiles)
            {
                progrssIndicator.Step();

                var file = BuildFileCFGAndExtractFileInformation(parsedFile);
                filesCollection.Add(file);
            }

            var subroutineAnalyzerFactory = new FunctionAndMethodAnalyzerFactory { UseSummaries = arguments.UseFunctionSummaries };
            Func<ImmutableVariableStorage, IIncludeResolver, AnalysisScope, AnalysisStacks,
                 ImmutableVariableStorage> fileTaintAnalyzer = null;
            fileTaintAnalyzer = (varStorage, inclResolver, scope, stacks) =>
            {
                Preconditions.NotNull(varStorage, "varStorage");
                Preconditions.NotNull(inclResolver, "inclResolver");

                var blockAnalyzer = new TaintBlockAnalyzer(vulnerabilityStorage, inclResolver, scope, fileTaintAnalyzer, stacks, subroutineAnalyzerFactory);
                blockAnalyzer.AnalysisExtensions.AddRange(_components.BlockAnalyzers);
                var condAnalyser = new ConditionTaintAnalyser(scope, inclResolver, stacks.IncludeStack);
                var cfgTaintAnalysis = new TaintAnalysis(blockAnalyzer, condAnalyser, varStorage);
                var fileToAnalyze = stacks.IncludeStack.Peek();
                var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new ReversePostOrderWorkList(fileToAnalyze.CFG));
                //var analyzer = new CFGTraverser(new ForwardTraversal(), cfgTaintAnalysis, new QueueWorklist());
                analyzer.Analyze(fileToAnalyze.CFG);
                return cfgTaintAnalysis.Taints[fileToAnalyze.CFG.Vertices.Single(block => block.IsLeaf)].Out[EdgeType.Normal];
            };

            foreach (var file in filesCollection)
            {
                Console.WriteLine(Environment.NewLine + "=============================");
                Console.WriteLine("Analyzing {0}..", file.FullPath);
                var initialTaint = GetDefaultTaint();
                var inclusionResolver = new IncludeResolver(filesCollection);

                var stacks = new AnalysisStacks(file);
                fileTaintAnalyzer(initialTaint, inclusionResolver, AnalysisScope.File, stacks);
            }

            Console.WriteLine("Scanned {0}/{1} subroutines. ", FunctionsHandler.Instance.ScannedFunctions.Count, FunctionsHandler.Instance.CustomFunctions.Count);

            if (arguments.ScanAllSubroutines)
            {
                Console.WriteLine("Scanning remaining subroutines..");
                ScanUnscannedSubroutines(filesCollection, fileTaintAnalyzer, subroutineAnalyzerFactory, vulnerabilityStorage);
            }

            vulnerabilityStorage.CheckForStoredVulnerabilities();
            //parseResult.ParsedFiles.Values.First().Save(@"C:\Users\Kenneth\Documents\Uni\TestScript\current\parsedFile");

            stopwatch.Stop();

            foreach (var analysisEndedListener in _components.AnalysisEndedListeners)
            {
                analysisEndedListener.AnalysisEnding(null, new AnalysisEndedEventArgs(stopwatch.Elapsed));
            }

            Console.WriteLine("Time spent: " + stopwatch.Elapsed);
            Console.WriteLine("Found {0} vulnerabilities.", runningVulnReporter.NumberOfReportedVulnerabilities);
        }