function AspisTaintedDynamicCall() { $f_params = func_get_args(); $f_name = array_shift($f_params); $f_name = deAspisCallback($f_name); //the caller is tainted global $built_in_functions; if (empty($built_in_functions)) { load_functions(); } global $aspis_taint_details; if (empty($aspis_taint_details)) { loadTaintDetails(); } $is_function = is_string($f_name); if ($is_function && isset($built_in_functions[$f_name])) { //TODO: this doesn't and rather can't work with ref parameters. //That's because no matter what, I cannot get my hands in refs of the incoming params foreach ($f_params as &$value) { $value = deAspisRC($value); } return attAspisRC(call_user_func_array($f_name, $f_params)); } else { if ($is_function && !isset($aspis_taint_details[0][$f_name])) { foreach ($f_params as &$value) { $value = deAspisRCO($value); } return attAspisRCO(call_user_func_array($f_name, $f_params)); } else { $guard = AspisFindSinkGuard($f_name); if ($guard != "") { if (isset($f_params[0])) { $f_params[0] = $guard($f_params[0]); } return call_user_func_array($f_name, $f_params); } else { $ret = call_user_func_array($f_name, $f_params); $i = AspisIsSanitiser($f_name); if ($i != -1) { $ret = AspisKillTaint($ret, $i); } return $ret; } } } }
function AspisTainted_usort(&$array, $cmp_function) { global $aspis_taint_details; if (empty($aspis_taint_details)) { loadTaintDetails(); } global $built_in_functions; if (empty($built_in_functions)) { load_functions(); } $cmp_function = deAspisCallback($cmp_function); //these cases need dereferencing of the arguments if (is_string($cmp_function)) { if (isset($built_in_functions[$cmp_function]) || !isset($aspis_taint_details[0][$cmp_function])) { $n_cmp_function = function ($op1, $op2) use($cmp_function) { return call_user_func($cmp_function, $op1[0], $op2[0]); }; return array(usort($array[0], $n_cmp_function), false); } } else { $class = get_class($cmp_function[0]); if ($class == "AspisProxy") { //the enclosed obj is untainted $f = array($cmp_function[0]->obj, $cmp_function[1]); $n_cmp_function = function ($op1, $op2) use($f) { return call_user_func($f, $op1[0], $op2[0]); }; return array(usort($array[0], $n_cmp_function), false); } } //in al other cases, no dereferecning required $n_cmp_function = function ($op1, $op2) use($cmp_function) { $res = call_user_func($cmp_function, $op1, $op2); return $res[0]; }; return array(usort($array[0], $n_cmp_function), false); }