/package/src/progpilot/Outputs/MyOutputs.php

https://github.com/designsecurity/progpilot · PHP · 228 lines · 177 code · 44 blank · 7 comment · 12 complexity · e4634381ac88d5144b8d45ffca44cccf MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of ProgPilot, a static analyzer for security
    5. 

  5.  *
    6. 

  6.  * @copyright 2017 Eric Therond. All rights reserved
    7. 

  7.  * @license MIT See LICENSE at the root of the project for more info
    8. 

  8.  */
    9. 

  9. 

  10. 

  11. namespace progpilot\Outputs;
    12. 

  12. 

  13. use progpilot\Lang;
    14. 

  14. use progpilot\Representations\Callgraph;
    15. 

  15. use progpilot\Representations\ControlFlowGraph;
    16. 

  16. use progpilot\Representations\AbstractSyntaxTree;
    17. 

  17. 

  18. use PhpParser\NodeTraverser;
    19. 

  19. 

  20. class MyOutputs
    21. 

  21. {
    22. 

  22.     private $results;
    23. 

  23.     private $resolveIncludes;
    24. 

  24.     private $resolveIncludesFile;
    25. 

  25.     private $onAddResult;
    26. 

  26.     private $taintedFlow;
    27. 

  27.     private $countfilesanalyzed;
    28. 

  28. 

  29.     public $currentIncludesFile;
    30. 

  30.     public $cfg;
    31. 

  31.     public $callgraph;
    32. 

  32.     public $ast;
    33. 

  33. 

  34.     public function __construct()
    35. 

  35.     {
    36. 

  36.         $this->resolveIncludes = false;
    37. 

  37.         $this->resolveIncludesFile = null;
    38. 

  38.         $this->currentIncludesFile = [];
    39. 

  39.         $this->results = [];
    40. 

  40.         $this->taintedFlow = false;
    41. 

  41.         $this->onAddResult = null;
    42. 

  42.         $this->countfilesanalyzed = 0;
    43. 

  43.         
    44. 

  44.         $this->resetRepresentations();
    45. 

  45.     }
    46. 

  46. 

  47.     public function resetRepresentations()
    48. 

  48.     {
    49. 

  49.         //$this->results = [];
    50. 

  50.         $this->cfg = new ControlFlowGraph;
    51. 

  51.         $this->callgraph = new Callgraph;
    52. 

  52.         $this->ast = new AbstractSyntaxTree;
    53. 

  53.     }
    54. 

  54. 

  55.     public function getAst()
    56. 

  56.     {
    57. 

  57.         $nodesjson = [];
    58. 

  58.         $linksjson = [];
    59. 

  59. 

  60.         foreach ($this->ast->getNodes() as $node) {
    61. 

  61.             $hash = spl_object_hash($node);
    62. 

  62. 

  63.             $nodesjson[] = array('name' => get_class($node), 'id' => $hash);
    64. 

  64.         }
    65. 

  65. 

  66.         foreach ($this->ast->getEdges() as $edge) {
    67. 

  67.             $caller = $edge[0];
    68. 

  68.             $callee = $edge[1];
    69. 

  69. 

  70.             $hashcaller = spl_object_hash($caller);
    71. 

  71.             $hashcallee = spl_object_hash($callee);
    72. 

  72. 

  73.             if ($hashcaller !== $hashcallee) {
    74. 

  74.                 $linksjson[] = array('target' => $hashcallee, 'source' => $hashcaller);
    75. 

  75.             }
    76. 

  76.         }
    77. 

  77. 

  78.         $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
    79. 

  79. 

  80.         return $outputjson;
    81. 

  81.     }
    82. 

  82. 

  83.     public function getCfg()
    84. 

  84.     {
    85. 

  85.         $nodesjson = [];
    86. 

  86.         $linksjson = [];
    87. 

  87.         $realNodes = [];
    88. 

  88. 

  89.         foreach ($this->cfg->getNodes() as $id => $node) {
    90. 

  90.             $realNodes[] = $id;
    91. 

  91.             $nodesjson[] = array('name' => $this->cfg->getTextOfMyBlock($id), 'id' => $id);
    92. 

  92.         }
    93. 

  93. 

  94.         foreach ($this->cfg->getEdges() as $edge) {
    95. 

  95.             $callerId = $this->cfg->getIdOfNode($edge[0]);
    96. 

  96.             $calleeId = $this->cfg->getIdOfNode($edge[1]);
    97. 

  97. 

  98.             if ($callerId !== $calleeId
    99. 

  99.                 && in_array($callerId, $realNodes, true)
    100. 

  100.                     && in_array($calleeId, $realNodes, true)) {
    101. 

  101.                 $linksjson[] = array('source' => $callerId, 'target' => $calleeId);
    102. 

  102.             }
    103. 

  103.         }
    104. 

  104. 

  105.         $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
    106. 

  106.         return $outputjson;
    107. 

  107.     }
    108. 

  108. 

  109.     public function getCallGraph()
    110. 

  110.     {
    111. 

  111.         $nodesjson = [];
    112. 

  112.         $linksjson = [];
    113. 

  113.         $realNodes = [];
    114. 

  114. 

  115.         $nodes = $this->callgraph->getNodes();
    116. 

  116. 

  117.         foreach ($nodes as $nodeCaller) {
    118. 

  118.             $realNodes[] = $nodeCaller->getId();
    119. 

  119.             $nodesjson[] = array('name' => $nodeCaller->getName(), 'id' => $nodeCaller->getId());
    120. 

  120.         }
    121. 

  121. 

  122.         foreach ($nodes as $key => $nodeCaller) {
    123. 

  123.             foreach ($nodeCaller->getChildren() as $key => $nodeCalleeId) {
    124. 

  124.                 $nodeCallee = $nodes[$nodeCalleeId];
    125. 

  125.                 if ($nodeCaller->getId() !== $nodeCallee->getId()
    126. 

  126.                                                     && in_array($nodeCaller->getId(), $realNodes, true)
    127. 

  127.                                                     && in_array($nodeCallee->getId(), $realNodes, true)) {
    128. 

  128.                     $linksjson[] = array('source' => $nodeCaller->getId(), 'target' => $nodeCallee->getId());
    129. 

  129.                 }
    130. 

  130.             }
    131. 

  131.         }
    132. 

  132. 

  133.         $outputjson = array('nodes' => $nodesjson, 'links' => $linksjson);
    134. 

  134.         return $outputjson;
    135. 

  135.     }
    136. 

  136.     
    137. 

  137.     public function setOnAddResult($func)
    138. 

  138.     {
    139. 

  139.         $this->onAddResult = $func;
    140. 

  140.     }
    141. 

  141.     
    142. 

  142.     public function getOnAddResult()
    143. 

  143.     {
    144. 

  144.         return $this->onAddResult;
    145. 

  145.     }
    146. 

  146. 

  147.     public function addResult($temp)
    148. 

  148.     {
    149. 

  149.         if (!in_array($temp, $this->results, true)) {
    150. 

  150.             if (!is_null($this->onAddResult)) {
    151. 

  151.                 $params = array($temp);
    152. 

  152.                 call_user_func($this->onAddResult, $params);
    153. 

  153.             }
    154. 

  154.             
    155. 

  155.             $this->results[] = $temp;
    156. 

  156.         }
    157. 

  157.     }
    158. 

  158. 

  159.     public function setResults(&$results)
    160. 

  160.     {
    161. 

  161.         $this->results = &$results;
    162. 

  162.     }
    163. 

  163. 

  164.     public function &getResults()
    165. 

  165.     {
    166. 

  166.         return $this->results;
    167. 

  167.     }
    168. 

  168. 

  169.     public function getCountAnalyzedFiles()
    170. 

  170.     {
    171. 

  171.         return $this->countfilesanalyzed;
    172. 

  172.     }
    173. 

  173. 

  174.     public function setCountAnalyzedFiles($nb)
    175. 

  175.     {
    176. 

  176.         $this->countfilesanalyzed = $nb;
    177. 

  177.     }
    178. 

  178. 

  179.     public function getResolveIncludes()
    180. 

  180.     {
    181. 

  181.         return $this->resolveIncludes;
    182. 

  182.     }
    183. 

  183. 

  184.     public function resolveIncludes($option)
    185. 

  185.     {
    186. 

  186.         $this->resolveIncludes = $option;
    187. 

  187.     }
    188. 

  188. 

  189.     public function resolveIncludesFile($file)
    190. 

  190.     {
    191. 

  191.         $this->resolveIncludesFile = $file;
    192. 

  192.     }
    193. 

  193. 

  194.     public function getresolveIncludesFile()
    195. 

  195.     {
    196. 

  196.         return $this->resolveIncludesFile;
    197. 

  197.     }
    198. 

  198. 

  199.     public function taintedFlow($bool)
    200. 

  200.     {
    201. 

  201.         $this->taintedFlow = $bool;
    202. 

  202.     }
    203. 

  203. 

  204.     public function getTaintedFlow()
    205. 

  205.     {
    206. 

  206.         return $this->taintedFlow;
    207. 

  207.     }
    208. 

  208. 

  209.     public function writeIncludesFile()
    210. 

  210.     {
    211. 

  211.         if ($this->resolveIncludes) {
    212. 

  212.             $fp = fopen($this->resolveIncludesFile, "w");
    213. 

  213.             if ($fp) {
    214. 

  214.                 $myArray = "";
    215. 

  215.                 if (count($this->currentIncludesFile) > 0) {
    216. 

  216.                     $myArray = [];
    217. 

  217.                     foreach ($this->currentIncludesFile as $includeFile) {
    218. 

  218.                         $myArray[] = [$includeFile->getName(), $includeFile->getLine(), $includeFile->getColumn()];
    219. 

  219.                     }
    220. 

  220.                 }
    221. 

  221. 

  222.                 $outputjson = array('includes_not_resolved' => $myArray);
    223. 

  223.                 fwrite($fp, json_encode($outputjson, JSON_UNESCAPED_SLASHES));
    224. 

  224.                 fclose($fp);
    225. 

  225.             }
    226. 

  226.         }
    227. 

  227.     }
    228. 

  228. }
    229.