/**
 * Reflectively instantiates a class whose taint status was not known statically.
 *
 * The class name is looked up under index 1 of the global $aspis_taint_details
 * table (populated through loadTaintDetails() when it is still empty) and the
 * result is compared with the caller's context:
 *
 *  - class listed, untainted context: every constructor argument is passed
 *    through attAspisRCO() and the bare AspisProxy($obj, false) is returned;
 *  - class not listed, tainted context: every constructor argument is passed
 *    through deAspisWarningRC() and array(AspisProxy($obj, true), false) is
 *    returned;
 *  - otherwise: the arguments are used unchanged and the object is returned
 *    as array($obj, false) in a tainted context, or bare in an untainted one.
 *
 * NOTE(review): the trailing `false` in the array results is presumably the
 * "untainted" marker of an Aspis value/taint pair - confirm against the
 * helpers, which are defined outside this block.
 * NOTE(review): nothing in this function restricts which class may be
 * constructed; $classname and $params are used exactly as given, so any
 * allow-listing has to happen in the caller.
 *
 * @param string $classname        Name of the class to instantiate.
 * @param array  $params           Constructor arguments (may be empty).
 * @param bool   $isTaintedContext Whether the call site is a tainted context.
 *
 * @return mixed Object, AspisProxy, or a two-element array as described above.
 *
 * @throws ReflectionException When $classname cannot be reflected.
 */
function AspisNewUnknownProxy($classname, $params, $isTaintedContext = true)
{
    // Reflection comes first so an unknown class fails before the table is loaded.
    $reflector = new ReflectionClass($classname);

    global $aspis_taint_details;
    if (empty($aspis_taint_details)) {
        loadTaintDetails();
    }

    $classIsListed = isset($aspis_taint_details[1][$classname]);
    $hasArguments = !empty($params);

    // Listed class created from an untainted context: arguments get an aspis
    // attached and the object is hidden behind a proxy.
    if ($classIsListed && !$isTaintedContext) {
        if ($hasArguments) {
            foreach ($params as &$argument) {
                $argument = attAspisRCO($argument);
            }
            unset($argument);
        }
        $instance = $hasArguments
            ? $reflector->newInstanceArgs($params)
            : $reflector->newInstance();

        return new AspisProxy($instance, false);
    }

    // Unlisted class created from a tainted context: arguments are stripped
    // with deAspisWarningRC() and the proxy itself is returned inside a pair.
    if (!$classIsListed && $isTaintedContext) {
        if ($hasArguments) {
            foreach ($params as &$argument) {
                $argument = deAspisWarningRC($argument);
            }
            unset($argument);
        }
        $instance = $hasArguments
            ? $reflector->newInstanceArgs($params)
            : $reflector->newInstance();

        return array(new AspisProxy($instance, true), false);
    }

    // Context and class agree: no proxy and no argument conversion.
    $instance = $hasArguments
        ? $reflector->newInstanceArgs($params)
        : $reflector->newInstance();

    return $isTaintedContext ? array($instance, false) : $instance;
}
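/**
 * usort() replacement that adapts the comparison callback to the Aspis runtime.
 *
 * The comparator is wrapped so that both operands are passed through
 * attAspisRCO() in two cases:
 *
 *  - it is a function name that is absent from $built_in_functions and
 *    present under index 0 of $aspis_taint_details;
 *  - it is an array callable whose first element is an AspisProxy, in which
 *    case the call is made on the proxied object ($proxy->obj).
 *
 * In both cases only element [0] of the comparator's result is handed back to
 * usort(); element [1] is dropped. Every other comparator is invoked directly
 * with the raw operands.
 *
 * Fix over the previous version: the non-string branch indexed $cmp_function
 * and called get_class() on element 0 unconditionally, which raises an error
 * for closures and for array callables that name a class by string. Those
 * callables now reach the direct-call path.
 *
 * NOTE(review): the wrapped paths return the bare usort() result while the
 * direct path returns array(result, false). Left as is because callers are
 * not visible from here - confirm which shape they expect.
 * NOTE(review): element [1] of the wrapped comparator's result is presumably
 * its taint marker; it is not propagated anywhere - confirm that is intended.
 *
 * @param array    $array        Array to sort in place.
 * @param callable $cmp_function Comparison callback.
 *
 * @return mixed usort() result, bare or as array(result, false) (see note).
 */
function AspisUntainted_usort(&$array, $cmp_function)
{
    // Callable that must be invoked with aspis-attached operands, if any.
    $aspisTarget = null;

    if (is_string($cmp_function)) {
        global $aspis_taint_details;
        if (empty($aspis_taint_details)) {
            loadTaintDetails();
        }
        global $built_in_functions;
        if (empty($built_in_functions)) {
            load_functions();
        }
        if (!isset($built_in_functions[$cmp_function])
            && isset($aspis_taint_details[0][$cmp_function])
        ) {
            $aspisTarget = $cmp_function;
        }
    } elseif (is_array($cmp_function)
        && isset($cmp_function[0])
        && is_object($cmp_function[0])
        && get_class($cmp_function[0]) === 'AspisProxy'
    ) {
        // The proxy is bypassed: the method is called on the enclosed object.
        $aspisTarget = array($cmp_function[0]->obj, $cmp_function[1]);
    }

    if ($aspisTarget !== null) {
        $wrapped = function ($op1, $op2) use ($aspisTarget) {
            $ret = call_user_func($aspisTarget, attAspisRCO($op1), attAspisRCO($op2));
            // Only the first element of the comparator's result drives the sort.
            return $ret[0];
        };

        return usort($array, $wrapped);
    }

    // In all other cases the comparison function can be called directly.
    $direct = function ($op1, $op2) use ($cmp_function) {
        return call_user_func($cmp_function, $op1, $op2);
    };

    return array(usort($array, $direct), false);
}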