/** * @param string $boxableType name of an IBoxable class * @param DBType $dbType type to use to store the value */ function __construct($boxableType, DBType $dbType) { Assert::isTrue(TypeUtils::isInherits($boxableType, 'IBoxable')); $this->boxableType = $boxableType; $this->dbType = $dbType; parent::__construct($dbType); }
/** * All we need to know is the associative entity (the container), because the association * is build between this one property and the identifier of the container * @throws OrmModelIntegrityException */ function __construct(IQueryable $container, AssociationMultiplicity $multiplicity, AssociationBreakAction $action) { $identifier = $container->getLogicalSchema()->getIdentifier(); if (!$identifier) { throw new OrmModelIntegrityException('Cannot associate to an entity ' . $container->getLogicalSchema()->getEntityName() . ' without id'); } $this->container = $container; Assert::isTrue(TypeUtils::isChild($identifier->getType(), 'IOrmPropertyReferencable')); $this->fkType = $identifier->getType()->getReferenceType($multiplicity); $this->multiplicity = $multiplicity; $this->action = $action; }
private function setTimeString($input) { // HH:MM:SS, HHMMSS if (strlen((string) $input) > strlen('000000') && TypeUtils::isInteger($input)) { // unix timestamp list($this->hour, $this->minute, $this->second) = explode(':', date('H:i:s', $input)); } else { if (preg_match('/[^\\d]/', $input)) { $chunks = preg_split('/[^\\d]+/', $input); } else { Assert::notImplemented('"HHMMSS" syntax not implemented in the Time parser'); } $setters = array('hour', 'minute', 'second'); foreach ($chunks as $k => $v) { $this->{'set' . $setters[$k]}($v); } } }
/** * Searchs for the class by it's name using the added resolvers, loads it in scope of itself * and adds it to class cache * @param string $classname * @return boolean shows whether the class was successfully loaded or not */ function loadClass($classname) { Assert::isScalar($classname); if (TypeUtils::isDefined($classname)) { return true; } foreach ($this->resolvers as $resolver) { $result = $resolver->getClassPath($classname); if ($result) { try { require $result; return true; } catch (Exception $e) { $message = sprintf('Exception thrown when autoloading %s from %s:%s', $result, $e->getFile(), $e->getLine()); trigger_error($message, E_USER_ERROR); } } } }
/** * Checks if object is instance of type * @return void */ static function isInstance($object, $type, $message = null) { if (!$object instanceof $type) { if (!$message) { $args = array('object is expected to be instance of %s, %s given', $type, TypeUtils::getName($object)); } else { $args = func_get_args(); $args = array_slice($args, 1); } self::triggerError($args); } }
/** * Checks if assertion is positive integer * @notice Internal is_integer function is not used, special checks are provided by TypeUtils * @param mixed $assertion * @param string $message optional string to be printed when assertion check fails * @return void */ static function isPositiveInteger($variable, $message = null) { if (!TypeUtils::isInteger($variable) || $variable < 0) { if (!$message) { $args = array('variable is expected to be positivoe integer, [%s] given', $variable); } else { $args = func_get_args(); $args = array_slice($args, 1); } self::triggerError($args); } }
function subject($subject, ISubjective $object = null) { if ($subject instanceof ISubjective) { // bogus check return $subject->toSubjected($this); } if ($subject instanceof ISqlCastable) { return $subject; } if ($subject instanceof OrmProperty) { return $this->subject(new EntityProperty($this, $subject)); } if ($subject instanceof EntityProperty) { return $subject->getSqlColumn(); } if ($subject instanceof IBoxable) { return new SqlValue($subject->getValue()); } if ($subject instanceof EntityPropertyValue) { // value cast thru explicit specification of PropertyType to use } if ($subject instanceof IdentifiableOrmEntity) { return $this->subject($subject->_getId()); } if (is_scalar($subject)) { try { return $this->subject($this->getEntityProperty($subject)); } catch (ArgumentException $e) { // probably, a value, not a property path } if ($this->hasId($subject)) { return new SqlIdentifier($subject); } } else { if (!is_null($subject)) { Assert::isUnreachable('do not know how to subject %s', TypeUtils::getName($subject)); } } return new SqlValue($subject); }
/** * @return IQueryable */ private static function getQueriable($class) { if (is_object($class) && $class instanceof IOrmRelated) { $class = get_class($class); } if (is_scalar($class) && TypeUtils::isInherits($class, 'IOrmRelated')) { $class = call_user_func(array($class, 'orm')); } return $class; }
protected function setType($type) { $this->type = is_object($type) ? get_class($type) : $type; Assert::isScalar(TypeUtils::isExists($this->type), 'unknown type %s', TypeUtils::getName($type)); }
/** * Cast the result of action method (of any type) to IActionResult. * * The following types are supported: * - string is treated as path to a view and wrapped with ViewResult * See ActionBasedController::view() * - IActionResult object is treated as-is * * @return IActionResult */ protected function makeActionResult($actionResult) { if (is_object($actionResult) && $actionResult instanceof IActionResult) { return $actionResult; } if (is_string($actionResult)) { return $this->view($actionResult); } Assert::isUnreachable('unknown actionResult `%s`: %s', TypeUtils::getName($actionResult), $actionResult); }
/** * Resolution order: * - IDaoRelated (check a class existance within the global scope and withing the domain scope) --> AssociationPropertyType * - IOrmRelated --> CompositionPropertyType (not implemented) * - IOrmPropertyAssignable --> IOrmPropertyAssignable::getOrmProperty() * - IBoxable --> BoxablePropertyType * - DBType * - any type with public ctor * @return OrmPropertyType */ private function getPropertyType($name, AssociationMultiplicity $multiplicity, array $parameters = array()) { if ($this->ormDomain->classExists($name)) { $class = $this->ormDomain->getClass($name); if ($class->hasDao() && $class->getIdentifier()) { return new AssociationPropertyType($class, $multiplicity, AssociationBreakAction::cascade()); } else { return new CompositePropertyType($class); } } else { if (DBType::hasMember($name)) { $parameters['id'] = $name; if (!isset($parameters['nullable'])) { $parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false'; } $dbType = $this->makeObject('DBType', $parameters); return $dbType->getOrmPropertyType(); } else { if (class_exists($name, true)) { if (TypeUtils::isChild($name, 'IDaoRelated')) { return new AssociationPropertyType(call_user_func(array($name, 'orm')), $multiplicity, AssociationBreakAction::cascade()); } else { if (TypeUtils::isChild($name, 'IOrmRelated')) { $orm = call_user_func(array($name, 'orm')); return new CompositePropertyType($orm); } else { if (TypeUtils::isChild($name, 'IOrmPropertyAssignable')) { return call_user_func(array($name, 'getOrmPropertyType'), $multiplicity); } else { if (TypeUtils::isChild($name, 'IBoxable')) { $parameters['id'] = DBType::VARCHAR; if (!isset($parameters['nullable'])) { $parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false'; } return new BoxablePropertyType($name, $this->makeObject('DBType', $parameters)); } else { if (TypeUtils::isChild($name, 'ISqlType')) { // for RawSqlType return new PrimitivePropertyType($this->makeObject($name, $parameters)); } else { //$this->makeObject($name, $parameters); } } } } } } } } throw new OrmModelIntegrityException('do not know how to map ' . $name); }
protected function isValidValue($value) { return parent::isValidValue($value) && TypeUtils::isInteger($value); }
/** * Default error handler, that casts covered errors to their appropriate exceptions * @return boolean */ function errorHandler($errno, $errstr, $errfile, $errline) { if (!error_reporting()) { //return false; } if (!($errno & $this->mask)) { if (!$this->supressUncovered) { if ($this->previousErrorHandler) { $args = func_get_args(); call_user_func_array($this->prevErrorHandler, $args); } else { return false; } } return true; } if (isset($this->exceptionsTable[$errno])) { $exceptionClass = $this->exceptionsTable[$errno]; Assert::isTrue(TypeUtils::isChild($exceptionClass, 'IErrorExceptionFactory')); $exceptionObject = call_user_func_array(array($exceptionClass, 'makeException'), array($errstr, $errno, $errfile, $errline)); } else { $exceptionObject = null; } if (!$exceptionObject instanceof Exception) { $exceptionClass = $this->defaultException; Assert::isTrue(TypeUtils::isChild($exceptionClass, 'IErrorExceptionFactory')); $exceptionObject = call_user_func_array(array($exceptionClass, 'makeException'), array($errstr, $errno, $errfile, $errline)); } throw $exceptionObject; }
private function invokeResolvers($classname, $useCacheOnly) { Assert::isBoolean($useCacheOnly); foreach ($this->resolvers as $resolver) { $result = $resolver->loadClassFile($classname, $useCacheOnly); if ($result && ($classpath = $resolver->getClassPath($classname, true))) { $this->classPaths[] = $classpath; break; } } return TypeUtils::isDefined($classname); }
/** * Resolution order: * - IDaoRelated (check a class existance within the global scope and withing the domain scope) --> AssociationPropertyType * - IOrmRelated --> CompositionPropertyType * - IOrmPropertyAssignable --> IOrmPropertyAssignable::getOrmProperty() * - IBoxable --> BoxablePropertyType * - DBType * - any type with public ctor * @return OrmPropertyType */ private function getPropertyType(SimpleXMLElement $element, AssociationMultiplicity $multiplicity) { $name = (string) $element['type']; $parameters = $this->getTypeParameters($element); if ($class = $this->importEntity($name)) { // force recursion if ($class->hasDao() && $class->getIdentifier()) { return new AssociationPropertyType($class, $multiplicity, AssociationBreakAction::cascade()); } else { return new CompositePropertyType($class); } } else { if (DBType::hasMember($name)) { $parameters['id'] = $name; if (!isset($parameters['nullable'])) { $parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false'; } $dbType = $this->makeObject('DBType', $parameters); return $dbType->getOrmPropertyType(); } else { if (@class_exists($name, true)) { if (TypeUtils::isInherits($name, 'IDaoRelated')) { return new AssociationPropertyType(call_user_func(array($name, 'orm')), $multiplicity, AssociationBreakAction::cascade()); } else { if (TypeUtils::isInherits($name, 'IOrmRelated')) { $orm = call_user_func(array($name, 'orm')); return new CompositePropertyType($orm); } else { if (TypeUtils::isInherits($name, 'IOrmPropertyAssignable')) { return call_user_func(array($name, 'getOrmPropertyType'), $multiplicity); } else { if (TypeUtils::isInherits($name, 'IBoxable')) { $parameters['id'] = DBType::VARCHAR; if (!isset($parameters['nullable'])) { $parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false'; } return new BoxablePropertyType($name, $this->makeObject('DBType', $parameters)); } else { if (TypeUtils::isInherits($name, 'ISqlType')) { // for RawSqlType return new PrimitivePropertyType($this->makeObject($name, $parameters)); } else { if (TypeUtils::isInherits($name, 'OrmPropertyType')) { // OrmPropertyType with public ctor return $this->makeObject($name, $parameters); } } } } } } } } } throw new OrmModelIntegrityException('Unknown type of ' . (string) $element['name'] . ' property: ' . $name); }
public function leaveNode(Node $node) { //处理过程间代码,即调用的方法定义中的源码 if ($node->getType() == 'Expr_FuncCall' || $node->getType() == 'Expr_MethodCall' || $node->getType() == 'Expr_StaticCall') { //获取到方法的名称 $nodeName = NodeUtils::getNodeFunctionName($node); $ret = NodeUtils::isSinkFunction($nodeName, $this->scan_type); //进行危险参数的辨别 if ($ret[0] == true) { //处理系统内置的sink //找到了mysql_query $cfg = new CFGGenerator(); //array(where)找到危险参数的位置 $args = $ret[1]; if (is_array($args[0])) { $args = $args[0]; } $vars = $this->senstivePostion($node, $this->block, $args); $type = TypeUtils::getTypeByFuncName($nodeName); if ($vars) { //返回处理结果,将多个相关变量位置返回 $this->vars = array_merge($this->vars, $vars); } if ($type) { //返回sink类型 $this->sinkType = $type; } } elseif (array_key_exists($nodeName, $this->sinkContext->getAllSinks())) { //处理已经加入sinksContext用户自定义函数 //处理用户定义的sink $type = TypeUtils::getTypeByFuncName($nodeName); if ($type) { //返回sink类型 $this->sinkType = $type; } $context = Context::getInstance(); $funcName = NodeUtils::getNodeFunctionName($node); $funcBody = $context->getClassMethodBody($funcName, $this->fileSummary->getPath(), $this->fileSummary->getIncludeMap()); if (!$funcBody) { break; } $cfg = new CFGGenerator(); //$this->block->function[$nodeName] $arr = $this->sinkContext->getAllSinks(); $arr = $arr[$nodeName]; foreach ($arr as $pos) { $argName = NodeUtils::getNodeFuncParams($node); $argName = $argName[$pos]; $this->vars = $this->sinkMultiBlockTraceback($argName, $this->block, 0); } } else { } } }
/** * 污点分析的函数 * @param BasicBlock $block 当前基本块 * @param Node $node 当前的函数调用node * @param string $argName 危险参数名 * @param FileSummary 当前文件摘要 */ public function analysis($block, $node, $argName, $fileSummary) { //传入变量本身就是source $varName = substr($argName, 0, strpos($argName, '[')); if (in_array($varName, $this->sourcesArr) || in_array($argName, $this->sourcesArr)) { //报告漏洞 $path = $fileSummary->getPath(); $type = TypeUtils::getTypeByFuncName(NodeUtils::getNodeFunctionName($node)); $this->report($path, $path, $node, $argName, $type); } else { $path = $fileSummary->getPath(); //获取前驱基本块集合并将当前基本量添加至列表 $this->getPrevBlocks($block); $block_list = $this->pathArr; array_push($block_list, $block); //多个基本块的处理 $this->pathArr = array(); $this->multiBlockHandler($block, $argName, $node, $fileSummary); $this->multiFileHandler($block, $argName, $node, $fileSummary); } }
/** * Wrapper over ASP.NET-like "CodeBehind" and "Inherits" attributes * @return void */ protected final function codeBehind($type) { $this->assertInsideRenderingContext(); Assert::isTrue(TypeUtils::isChild($this, $type), 'fatal error: %s should be the only wrapper for invoked layout to handle it successfully', $type); }