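/**
 * Decides whether an expression node is a secret-taint source.
 *
 * An expression is a source when it is a call (method, function or static call)
 * whose name is a key of TaintSource::$SecretTaintedFunctions, or when any of its
 * arguments is itself such a call. The argument check is recursive, so a source
 * nested inside a wrapper call (e.g. wrap(source())) is still reported. Any other
 * node, or a non-node value, is not a source.
 *
 * Calls with a dynamic name ($obj->$m(), $f()) carry an Expr as their name; they
 * cannot be matched against the function list and are inspected only through
 * their arguments.
 *
 * @param mixed $expr a PhpParser node, or anything else (which yields false)
 * @return bool
 */
public static function isSecretTaintSource($expr)
{
    $isCall = $expr instanceof PhpParser\Node\Expr\MethodCall
        || $expr instanceof PhpParser\Node\Expr\FuncCall
        || $expr instanceof PhpParser\Node\Expr\StaticCall;
    if (!$isCall) {
        return false;
    }

    // Only a statically known name can be looked up: an Identifier or Name node
    // (or a plain string in older PHP-Parser releases). An Expr name has no
    // string form and the cast would raise an Error at analysis time.
    $name = $expr->name;
    if (is_string($name)
        || $name instanceof PhpParser\Node\Identifier
        || $name instanceof PhpParser\Node\Name
    ) {
        $name = (string) $name;
        // PHP resolves function and method names case-insensitively, so the
        // exact spelling and the lower-cased form are both tried; a call written
        // as GETENV() must not slip past a list keyed by 'getenv'.
        if (isset(TaintSource::$SecretTaintedFunctions[$name])
            || isset(TaintSource::$SecretTaintedFunctions[strtolower($name)])
        ) {
            return true;
        }
    }

    // Call arguments are wrapped in Arg nodes; the expression to examine is
    // ->value. Recursing on the Arg itself never matches a call, which is why
    // nested sources were previously missed. Anything else in the list (such as
    // a variadic placeholder) is passed through and falls out as a non-call.
    foreach ($expr->args as $arg) {
        $inner = $arg instanceof PhpParser\Node\Arg ? $arg->value : $arg;
        if (TaintSource::isSecretTaintSource($inner)) {
            return true;
        }
    }

    return false;
}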
/**
 * Builds the taint map for a whole file: one map for the file's main (top-level)
 * CFG and one per function CFG it contains.
 *
 * The predefined taint sources are (re)initialised before any CFG is analysed so
 * that cfgTaintAnalysis() runs against the current source list.
 *
 * @param object $fileCFGInfo exposes getMainCFG(), getFunctionCFGs() and
 *                            getFunctionSignatures()
 * @return FileTaintMap the main taint map plus the per-function maps keyed by
 *                      function name
 */
function fileTaintAnalysis($fileCFGInfo)
{
    $mainCFG = $fileCFGInfo->getMainCFG();
    $functionCFGs = $fileCFGInfo->getFunctionCFGs();
    // Fetched as before; the signatures are not consumed in this function.
    $functionSignatures = $fileCFGInfo->getFunctionSignatures();

    TaintSource::initializeTaintSources();

    $mainTaintMap = cfgTaintAnalysis($mainCFG);

    // One taint map per internal function, in the order the CFGs are listed.
    $perFunctionMaps = [];
    foreach ($functionCFGs as $name => $cfg) {
        $perFunctionMaps[$name] = cfgTaintAnalysis($cfg);
    }

    return new FileTaintMap($mainTaintMap, $perFunctionMaps);
}