Ejemplo n.º 1
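 /**
  * Reports whether an expression is a call to a known secret-tainting function,
  * or a call that receives such a call (at any nesting depth) as an argument.
  *
  * Only method, function and static calls are inspected; every other node
  * yields false. The callee name is looked up in
  * TaintSource::$SecretTaintedFunctions.
  *
  * @param mixed $expr Parser node to inspect.
  *
  * @return bool True when the call, or one of its arguments, is a secret taint source.
  */
 public static function isSecretTaintSource($expr)
 {
     $isCall = $expr instanceof PhpParser\Node\Expr\MethodCall
         || $expr instanceof PhpParser\Node\Expr\FuncCall
         || $expr instanceof PhpParser\Node\Expr\StaticCall;
     if (!$isCall) {
         return false;
     }

     // A dynamic callee ($f(), $obj->$m()) is an expression node that cannot be
     // cast to string; casting it would abort the whole analysis. Such a call is
     // not matched by name here, so it can only be flagged through its arguments.
     $name = $expr->name;
     $nameIsStringable = is_string($name) || (is_object($name) && method_exists($name, '__toString'));
     if ($nameIsStringable && isset(TaintSource::$SecretTaintedFunctions[(string) $name])) {
         return true;
     }

     foreach ($expr->args as $arg) {
         // Each argument is wrapped in an Arg node, which is never itself a call;
         // recursing on the wrapper would always return false and miss a secret
         // passed through a nested call. Inspect the wrapped expression instead.
         $inner = $arg instanceof PhpParser\Node\Arg ? $arg->value : $arg;
         if (TaintSource::isSecretTaintSource($inner)) {
             return true;
         }
     }

     return false;
 }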
Ejemplo n.º 2
/**
 * Runs the taint analysis over every control-flow graph of one file.
 *
 * The main CFG and each function CFG are analysed independently with
 * cfgTaintAnalysis(); the results are bundled into a FileTaintMap.
 *
 * @param mixed $fileCFGInfo Object exposing getMainCFG(), getFunctionCFGs()
 *                           and getFunctionSignatures().
 *
 * @return FileTaintMap Taint map of the main code plus one map per function name.
 */
function fileTaintAnalysis($fileCFGInfo)
{
    $entryGraph = $fileCFGInfo->getMainCFG();
    $graphsByFunction = $fileCFGInfo->getFunctionCFGs();
    // Fetched as in the original code; the signatures are not consulted here.
    $signatures = $fileCFGInfo->getFunctionSignatures();

    // The pre-defined taint sources must be loaded before any CFG is analysed.
    TaintSource::initializeTaintSources();

    // Taint map of the file's top-level code.
    $entryTaints = cfgTaintAnalysis($entryGraph);

    // One taint map per function declared in the file, keyed by function name.
    $taintsByFunction = array();
    foreach ($graphsByFunction as $name => $graph) {
        $taintsByFunction[$name] = cfgTaintAnalysis($graph);
    }

    return new FileTaintMap($entryTaints, $taintsByFunction);
}