public function getUserSanitizeFuncConetxt()
{
//判断本地序列化文件中是否存在UserSanitizeFuncConetxt
if (($serial_str = file_get_contents(CURR_PATH . "/data/sanitizeFuncConetxtSerialData")) != '') {
$sanitizeFunctions = unserialize($serial_str);
$funcContext = UserSanitizeFuncConetxt::getInstance();
$funcContext->sanitizeFunctions = $sanitizeFunctions;
return;
}
global $allFiles;
$filearr = $allFiles;
$len = count($filearr);
for ($i = 0; $i < $len; $i++) {
$this->visitor->filePath = $filearr[$i];
$code = file_get_contents($this->visitor->filePath);
try {
$stmts = $this->parser->parse($code);
} catch (PhpParser\Error $e) {
//echo 'Parse Error: ', $e->getMessage();
continue;
}
$this->traverser->traverse($stmts);
//遍历AST
}
$funcContext = UserSanitizeFuncConetxt::getInstance();
//对UserSanitizeFuncConetxt进行序列化,加快下次读取速度
$this->serializeContext($funcContext);
}
/**
* 检测是否为系统净化函数或已处理的净化函数
* @param 函数名 $funcName
* @return array(true|false,type)
*/
public static function isSecureFunction($funcName)
{
global $F_SECURES_ARRAY, $F_SECURES_ALL;
$nameNum = count($F_SECURES_ARRAY);
//查找系统净化函数
if (in_array($funcName, $F_SECURES_ALL)) {
$type = array();
for ($i = 0; $i < $nameNum; $i++) {
if (in_array($funcName, $F_SECURES_ARRAY[$i])) {
array_push($type, $F_SECURES_ARRAY[$i]['__NAME__']);
}
}
if ($type) {
return array(true, 'type' => $type);
} else {
return array(false);
}
} else {
//已经查找过的用户定义净化函数
$sanitiFuncContext = UserSanitizeFuncConetxt::getInstance();
$ret = $sanitiFuncContext->getFuncSanitizeInfo($funcName);
if ($ret) {
return array(true, 'type' => $ret->getSanitiType());
} else {
return array(false);
}
}
}
