/**
* @param string $boxableType name of an IBoxable class
* @param DBType $dbType type to use to store the value
*/
function __construct($boxableType, DBType $dbType)
{
Assert::isTrue(TypeUtils::isInherits($boxableType, 'IBoxable'));
$this->boxableType = $boxableType;
$this->dbType = $dbType;
parent::__construct($dbType);
}
/**
* All we need to know is the associative entity (the container), because the association
* is build between this one property and the identifier of the container
* @throws OrmModelIntegrityException
*/
function __construct(IQueryable $container, AssociationMultiplicity $multiplicity, AssociationBreakAction $action)
{
$identifier = $container->getLogicalSchema()->getIdentifier();
if (!$identifier) {
throw new OrmModelIntegrityException('Cannot associate to an entity ' . $container->getLogicalSchema()->getEntityName() . ' without id');
}
$this->container = $container;
Assert::isTrue(TypeUtils::isChild($identifier->getType(), 'IOrmPropertyReferencable'));
$this->fkType = $identifier->getType()->getReferenceType($multiplicity);
$this->multiplicity = $multiplicity;
$this->action = $action;
}
private function setTimeString($input)
{
// HH:MM:SS, HHMMSS
if (strlen((string) $input) > strlen('000000') && TypeUtils::isInteger($input)) {
// unix timestamp
list($this->hour, $this->minute, $this->second) = explode(':', date('H:i:s', $input));
} else {
if (preg_match('/[^\\d]/', $input)) {
$chunks = preg_split('/[^\\d]+/', $input);
} else {
Assert::notImplemented('"HHMMSS" syntax not implemented in the Time parser');
}
$setters = array('hour', 'minute', 'second');
foreach ($chunks as $k => $v) {
$this->{'set' . $setters[$k]}($v);
}
}
}
/**
* Searchs for the class by it's name using the added resolvers, loads it in scope of itself
* and adds it to class cache
* @param string $classname
* @return boolean shows whether the class was successfully loaded or not
*/
function loadClass($classname)
{
Assert::isScalar($classname);
if (TypeUtils::isDefined($classname)) {
return true;
}
foreach ($this->resolvers as $resolver) {
$result = $resolver->getClassPath($classname);
if ($result) {
try {
require $result;
return true;
} catch (Exception $e) {
$message = sprintf('Exception thrown when autoloading %s from %s:%s', $result, $e->getFile(), $e->getLine());
trigger_error($message, E_USER_ERROR);
}
}
}
}
/**
* Checks if object is instance of type
* @return void
*/
static function isInstance($object, $type, $message = null)
{
if (!$object instanceof $type) {
if (!$message) {
$args = array('object is expected to be instance of %s, %s given', $type, TypeUtils::getName($object));
} else {
$args = func_get_args();
$args = array_slice($args, 1);
}
self::triggerError($args);
}
}
/**
* Checks if assertion is positive integer
* @notice Internal is_integer function is not used, special checks are provided by TypeUtils
* @param mixed $assertion
* @param string $message optional string to be printed when assertion check fails
* @return void
*/
static function isPositiveInteger($variable, $message = null)
{
if (!TypeUtils::isInteger($variable) || $variable < 0) {
if (!$message) {
$args = array('variable is expected to be positivoe integer, [%s] given', $variable);
} else {
$args = func_get_args();
$args = array_slice($args, 1);
}
self::triggerError($args);
}
}
function subject($subject, ISubjective $object = null)
{
if ($subject instanceof ISubjective) {
// bogus check
return $subject->toSubjected($this);
}
if ($subject instanceof ISqlCastable) {
return $subject;
}
if ($subject instanceof OrmProperty) {
return $this->subject(new EntityProperty($this, $subject));
}
if ($subject instanceof EntityProperty) {
return $subject->getSqlColumn();
}
if ($subject instanceof IBoxable) {
return new SqlValue($subject->getValue());
}
if ($subject instanceof EntityPropertyValue) {
// value cast thru explicit specification of PropertyType to use
}
if ($subject instanceof IdentifiableOrmEntity) {
return $this->subject($subject->_getId());
}
if (is_scalar($subject)) {
try {
return $this->subject($this->getEntityProperty($subject));
} catch (ArgumentException $e) {
// probably, a value, not a property path
}
if ($this->hasId($subject)) {
return new SqlIdentifier($subject);
}
} else {
if (!is_null($subject)) {
Assert::isUnreachable('do not know how to subject %s', TypeUtils::getName($subject));
}
}
return new SqlValue($subject);
}
/**
* @return IQueryable
*/
private static function getQueriable($class)
{
if (is_object($class) && $class instanceof IOrmRelated) {
$class = get_class($class);
}
if (is_scalar($class) && TypeUtils::isInherits($class, 'IOrmRelated')) {
$class = call_user_func(array($class, 'orm'));
}
return $class;
}
protected function setType($type)
{
$this->type = is_object($type) ? get_class($type) : $type;
Assert::isScalar(TypeUtils::isExists($this->type), 'unknown type %s', TypeUtils::getName($type));
}
/**
* Cast the result of action method (of any type) to IActionResult.
*
* The following types are supported:
* - string is treated as path to a view and wrapped with ViewResult
* See ActionBasedController::view()
* - IActionResult object is treated as-is
*
* @return IActionResult
*/
protected function makeActionResult($actionResult)
{
if (is_object($actionResult) && $actionResult instanceof IActionResult) {
return $actionResult;
}
if (is_string($actionResult)) {
return $this->view($actionResult);
}
Assert::isUnreachable('unknown actionResult `%s`: %s', TypeUtils::getName($actionResult), $actionResult);
}
/**
* Resolution order:
* - IDaoRelated (check a class existance within the global scope and withing the domain scope) --> AssociationPropertyType
* - IOrmRelated --> CompositionPropertyType (not implemented)
* - IOrmPropertyAssignable --> IOrmPropertyAssignable::getOrmProperty()
* - IBoxable --> BoxablePropertyType
* - DBType
* - any type with public ctor
* @return OrmPropertyType
*/
private function getPropertyType($name, AssociationMultiplicity $multiplicity, array $parameters = array())
{
if ($this->ormDomain->classExists($name)) {
$class = $this->ormDomain->getClass($name);
if ($class->hasDao() && $class->getIdentifier()) {
return new AssociationPropertyType($class, $multiplicity, AssociationBreakAction::cascade());
} else {
return new CompositePropertyType($class);
}
} else {
if (DBType::hasMember($name)) {
$parameters['id'] = $name;
if (!isset($parameters['nullable'])) {
$parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false';
}
$dbType = $this->makeObject('DBType', $parameters);
return $dbType->getOrmPropertyType();
} else {
if (class_exists($name, true)) {
if (TypeUtils::isChild($name, 'IDaoRelated')) {
return new AssociationPropertyType(call_user_func(array($name, 'orm')), $multiplicity, AssociationBreakAction::cascade());
} else {
if (TypeUtils::isChild($name, 'IOrmRelated')) {
$orm = call_user_func(array($name, 'orm'));
return new CompositePropertyType($orm);
} else {
if (TypeUtils::isChild($name, 'IOrmPropertyAssignable')) {
return call_user_func(array($name, 'getOrmPropertyType'), $multiplicity);
} else {
if (TypeUtils::isChild($name, 'IBoxable')) {
$parameters['id'] = DBType::VARCHAR;
if (!isset($parameters['nullable'])) {
$parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false';
}
return new BoxablePropertyType($name, $this->makeObject('DBType', $parameters));
} else {
if (TypeUtils::isChild($name, 'ISqlType')) {
// for RawSqlType
return new PrimitivePropertyType($this->makeObject($name, $parameters));
} else {
//$this->makeObject($name, $parameters);
}
}
}
}
}
}
}
}
throw new OrmModelIntegrityException('do not know how to map ' . $name);
}
protected function isValidValue($value)
{
return parent::isValidValue($value) && TypeUtils::isInteger($value);
}
/**
* Default error handler, that casts covered errors to their appropriate exceptions
* @return boolean
*/
function errorHandler($errno, $errstr, $errfile, $errline)
{
if (!error_reporting()) {
//return false;
}
if (!($errno & $this->mask)) {
if (!$this->supressUncovered) {
if ($this->previousErrorHandler) {
$args = func_get_args();
call_user_func_array($this->prevErrorHandler, $args);
} else {
return false;
}
}
return true;
}
if (isset($this->exceptionsTable[$errno])) {
$exceptionClass = $this->exceptionsTable[$errno];
Assert::isTrue(TypeUtils::isChild($exceptionClass, 'IErrorExceptionFactory'));
$exceptionObject = call_user_func_array(array($exceptionClass, 'makeException'), array($errstr, $errno, $errfile, $errline));
} else {
$exceptionObject = null;
}
if (!$exceptionObject instanceof Exception) {
$exceptionClass = $this->defaultException;
Assert::isTrue(TypeUtils::isChild($exceptionClass, 'IErrorExceptionFactory'));
$exceptionObject = call_user_func_array(array($exceptionClass, 'makeException'), array($errstr, $errno, $errfile, $errline));
}
throw $exceptionObject;
}
private function invokeResolvers($classname, $useCacheOnly)
{
Assert::isBoolean($useCacheOnly);
foreach ($this->resolvers as $resolver) {
$result = $resolver->loadClassFile($classname, $useCacheOnly);
if ($result && ($classpath = $resolver->getClassPath($classname, true))) {
$this->classPaths[] = $classpath;
break;
}
}
return TypeUtils::isDefined($classname);
}
/**
* Resolution order:
* - IDaoRelated (check a class existance within the global scope and withing the domain scope) --> AssociationPropertyType
* - IOrmRelated --> CompositionPropertyType
* - IOrmPropertyAssignable --> IOrmPropertyAssignable::getOrmProperty()
* - IBoxable --> BoxablePropertyType
* - DBType
* - any type with public ctor
* @return OrmPropertyType
*/
private function getPropertyType(SimpleXMLElement $element, AssociationMultiplicity $multiplicity)
{
$name = (string) $element['type'];
$parameters = $this->getTypeParameters($element);
if ($class = $this->importEntity($name)) {
// force recursion
if ($class->hasDao() && $class->getIdentifier()) {
return new AssociationPropertyType($class, $multiplicity, AssociationBreakAction::cascade());
} else {
return new CompositePropertyType($class);
}
} else {
if (DBType::hasMember($name)) {
$parameters['id'] = $name;
if (!isset($parameters['nullable'])) {
$parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false';
}
$dbType = $this->makeObject('DBType', $parameters);
return $dbType->getOrmPropertyType();
} else {
if (@class_exists($name, true)) {
if (TypeUtils::isInherits($name, 'IDaoRelated')) {
return new AssociationPropertyType(call_user_func(array($name, 'orm')), $multiplicity, AssociationBreakAction::cascade());
} else {
if (TypeUtils::isInherits($name, 'IOrmRelated')) {
$orm = call_user_func(array($name, 'orm'));
return new CompositePropertyType($orm);
} else {
if (TypeUtils::isInherits($name, 'IOrmPropertyAssignable')) {
return call_user_func(array($name, 'getOrmPropertyType'), $multiplicity);
} else {
if (TypeUtils::isInherits($name, 'IBoxable')) {
$parameters['id'] = DBType::VARCHAR;
if (!isset($parameters['nullable'])) {
$parameters['nullable'] = $multiplicity->isNullable() ? 'true' : 'false';
}
return new BoxablePropertyType($name, $this->makeObject('DBType', $parameters));
} else {
if (TypeUtils::isInherits($name, 'ISqlType')) {
// for RawSqlType
return new PrimitivePropertyType($this->makeObject($name, $parameters));
} else {
if (TypeUtils::isInherits($name, 'OrmPropertyType')) {
// OrmPropertyType with public ctor
return $this->makeObject($name, $parameters);
}
}
}
}
}
}
}
}
}
throw new OrmModelIntegrityException('Unknown type of ' . (string) $element['name'] . ' property: ' . $name);
}
public function leaveNode(Node $node)
{
//处理过程间代码,即调用的方法定义中的源码
if ($node->getType() == 'Expr_FuncCall' || $node->getType() == 'Expr_MethodCall' || $node->getType() == 'Expr_StaticCall') {
//获取到方法的名称
$nodeName = NodeUtils::getNodeFunctionName($node);
$ret = NodeUtils::isSinkFunction($nodeName, $this->scan_type);
//进行危险参数的辨别
if ($ret[0] == true) {
//处理系统内置的sink
//找到了mysql_query
$cfg = new CFGGenerator();
//array(where)找到危险参数的位置
$args = $ret[1];
if (is_array($args[0])) {
$args = $args[0];
}
$vars = $this->senstivePostion($node, $this->block, $args);
$type = TypeUtils::getTypeByFuncName($nodeName);
if ($vars) {
//返回处理结果,将多个相关变量位置返回
$this->vars = array_merge($this->vars, $vars);
}
if ($type) {
//返回sink类型
$this->sinkType = $type;
}
} elseif (array_key_exists($nodeName, $this->sinkContext->getAllSinks())) {
//处理已经加入sinksContext用户自定义函数
//处理用户定义的sink
$type = TypeUtils::getTypeByFuncName($nodeName);
if ($type) {
//返回sink类型
$this->sinkType = $type;
}
$context = Context::getInstance();
$funcName = NodeUtils::getNodeFunctionName($node);
$funcBody = $context->getClassMethodBody($funcName, $this->fileSummary->getPath(), $this->fileSummary->getIncludeMap());
if (!$funcBody) {
break;
}
$cfg = new CFGGenerator();
//$this->block->function[$nodeName]
$arr = $this->sinkContext->getAllSinks();
$arr = $arr[$nodeName];
foreach ($arr as $pos) {
$argName = NodeUtils::getNodeFuncParams($node);
$argName = $argName[$pos];
$this->vars = $this->sinkMultiBlockTraceback($argName, $this->block, 0);
}
} else {
}
}
}
/**
* 污点分析的函数
* @param BasicBlock $block 当前基本块
* @param Node $node 当前的函数调用node
* @param string $argName 危险参数名
* @param FileSummary 当前文件摘要
*/
public function analysis($block, $node, $argName, $fileSummary)
{
//传入变量本身就是source
$varName = substr($argName, 0, strpos($argName, '['));
if (in_array($varName, $this->sourcesArr) || in_array($argName, $this->sourcesArr)) {
//报告漏洞
$path = $fileSummary->getPath();
$type = TypeUtils::getTypeByFuncName(NodeUtils::getNodeFunctionName($node));
$this->report($path, $path, $node, $argName, $type);
} else {
$path = $fileSummary->getPath();
//获取前驱基本块集合并将当前基本量添加至列表
$this->getPrevBlocks($block);
$block_list = $this->pathArr;
array_push($block_list, $block);
//多个基本块的处理
$this->pathArr = array();
$this->multiBlockHandler($block, $argName, $node, $fileSummary);
$this->multiFileHandler($block, $argName, $node, $fileSummary);
}
}
/**
* Wrapper over ASP.NET-like "CodeBehind" and "Inherits" attributes
* @return void
*/
protected final function codeBehind($type)
{
$this->assertInsideRenderingContext();
Assert::isTrue(TypeUtils::isChild($this, $type), 'fatal error: %s should be the only wrapper for invoked layout to handle it successfully', $type);
}
