public function getResultIterator($path)
{
if (Environment::hasAtLeastJavaVersion(5) !== true) {
$this->log(['FindBugs requires JRE 1.5 or later.', \Yasca\Logs\Level::ERROR]);
return new \EmptyIterator();
}
try {
$process = new Process('"' . __DIR__ . '/bin/findbugs' . (Environment::isWindows() ? '.bat' : '') . '"' . ' -home "' . __DIR__ . '" ' . ' -include "' . __DIR__ . '/filter.xml" ' . '-textui -xml:withMessages -xargs -quiet');
} catch (ProcessStartException $e) {
$this->log(['FindBugs failed to start', \Yasca\Logs\Level::ERROR]);
return new \EmptyIterator();
}
$this->log(['FindBugs launched', \Yasca\Logs\Level::INFO]);
(new \Yasca\Core\FunctionPipe())->wrap($path)->pipe([Operators::_class, '_new'], '\\RecursiveDirectoryIterator')->toIteratorBuilder()->where(function ($fileinfo) {
return $this->supportsExtension($fileinfo->getExtension());
})->select(static function ($fileinfo, $filepath) {
return "{$filepath}\n";
})->forAll([$process, 'writeToStdin']);
$process->closeStdin();
return $process->continueWith(function ($async) use($path) {
list($stdout, $stderr) = $async->result();
$this->log(['FindBugs completed', \Yasca\Logs\Level::INFO]);
$dom = new \DOMDocument();
try {
$success = $dom->loadXML($stdout);
} catch (\ErrorException $e) {
$success = false;
}
if ($success !== true) {
if ($stdout === '') {
$this->log(['FindBugs did not return any data', \Yasca\Logs\Level::ERROR]);
} else {
$this->log(['FindBugs did not return valid XML', \Yasca\Logs\Level::ERROR]);
$this->log(["FindBugs returned {$stdout}", \Yasca\Logs\Level::ERROR]);
}
return Async::fromResult(new \EmptyIterator());
}
$bugPatterns = (new \Yasca\Core\IteratorBuilder())->from($dom->getElementsByTagName('BugPattern'))->selectKeys(static function ($patternNode) {
return ["{$pattern->getElementsByTagName('Details')->item(0)->nodeValue}", "{$pattern->getAttribute('type')}"];
})->toArray(true);
return (new \Yasca\Core\IteratorBuilder())->from($dom->getElementsByTagName('BugInstance'))->select(static function ($bugInstance) use(&$bugPatterns, $path) {
$type = $bugInstance->getAttribute('type');
$sourceLine = $bugInstance->getElementsByTagName('SourceLine')->item(0);
$shortMessage = $bugInstance->getElementsByTagName('ShortMessage')->item(0)->nodeValue;
return (new \Yasca\Result())->setOptions(['pluginName' => 'FindBugs', 'severity' => "{$bugInstance->getAttribute('priority')}", 'category' => (new \Yasca\Core\FunctionPipe())->wrap($bugInstance->getAttribute('category'))->pipeLast('\\str_replace', '_', ' ')->pipe('\\strtolower')->pipe('\\ucwords')->unwrap(), 'lineNumber' => "{$sourceLine->getAttribute('start')}", 'filename' => "{$path}/{$sourceLine->getAttribute('sourcepath')}", 'references' => ['http://findbugs.sourceforge.net/bugDescriptions.html#' . \urlencode($type) => 'FindBugs Bug Description'], 'message' => "{$shortMessage}", 'description' => <<<EOT
{$shortMessage}
{$bugPatterns[$type]}
EOT
]);
})->toFunctionPipe()->pipe([Async::_class, 'fromResult']);
});
}
public function getResultIterator($path)
{
if (Environment::hasAtLeastJavaVersion(4) !== true) {
$this->log(['PMD requires JRE 1.4 or later.', \Yasca\Logs\Level::ERROR]);
return new \EmptyIterator();
}
try {
$process = new Process('java -cp "' . (new \Yasca\Core\FunctionPipe())->wrap(__DIR__)->pipe([Operators::_class, '_new'], '\\FilesystemIterator')->toIteratorBuilder()->select(static function ($u, $key) {
return $key;
})->whereRegex('`\\.jar$`ui')->join(PATH_SEPARATOR) . '" net.sourceforge.pmd.PMD "' . $path . '"' . ' xml' . ' "' . __DIR__ . '/yasca-rules.xml"');
// ' "' . __DIR__ . '/yasca-rules.xml"'
//);
} catch (ProcessStartException $e) {
$this->log(['PMD failed to start', \Yasca\Logs\Level::ERROR]);
return new \EmptyIterator();
}
$this->log(['PMD launched', \Yasca\Logs\Level::INFO]);
return $process->continueWith(function ($async) {
list($stdout, $stderr) = $async->result();
$this->log(['PMD completed', \Yasca\Logs\Level::INFO]);
//$this->log([$stdout, \Yasca\Logs\Level::ERROR]);
$dom = new \DOMDocument();
try {
$success = $dom->loadXML($stdout);
} catch (\ErrorException $e) {
$success = false;
}
if ($success !== true) {
if ($stdout === '') {
$this->log(['PMD did not return any data', \Yasca\Logs\Level::ERROR]);
$this->log([$stderr, \Yasca\Logs\Level::ERROR]);
} else {
$this->log(['PMD did not return valid XML', \Yasca\Logs\Level::ERROR]);
$this->log(["PMD returned {$stdout}", \Yasca\Logs\Level::ERROR]);
}
return Async::fromResult(new \EmptyIterator());
}
return (new \Yasca\Core\IteratorBuilder())->from($dom->getElementsByTagName('file'))->selectMany(static function ($fileNode) {
return (new \Yasca\Core\IteratorBuilder())->from($fileNode->getElementsByTagName('violation'))->select(static function ($violationNode) use($fileNode) {
return (new \Yasca\Result())->setOptions(['pluginName' => 'PMD', 'filename' => "{$fileNode->getAttribute('name')}", 'lineNumber' => "{$violationNode->getAttribute('beginline')}", 'category' => "{$violationNode->getAttribute('rule')}", 'severity' => "{$violationNode->getAttribute('priority')}", 'description' => "", 'message' => "", 'references' => ["{$violationNode->getAttribute('externalInfoUrl')}" => 'PMD Reference']]);
});
})->toFunctionPipe()->pipe([Async::_class, 'fromResult']);
});
}
public function getResultIterator($filepath)
{
if (Environment::hasAtLeastJavaVersion(6) !== true) {
if ($this->firstRun === true) {
$this->log(['Pixy requires JRE 1.6 or later.', \Yasca\Logs\Level::ERROR]);
}
$this->firstRun = false;
return new \EmptyIterator();
}
try {
$process = new Process('"' . __DIR__ . '/pixy' . (Environment::isWindows() ? '.bat' : '') . '"' . ' "' . $filepath . '"');
} catch (ProcessStartException $e) {
if ($this->firstRun === true) {
$this->log(['Unable to start Pixy', \Yasca\Logs\Level::ERROR]);
}
$this->firstRun = false;
return new \EmptyIterator();
}
$this->log(['Pixy launched', \Yasca\Logs\Level::DEBUG]);
return $process->continueWith(function ($async) {
list($stdout, $stderr) = $async->result();
$this->log(['Pixy completed', \Yasca\Logs\Level::DEBUG]);
$matches = [];
\preg_match_all(<<<'EOT'
`(*ANY)(?xim)
^ (?<analysis>
XSS |
SQL |
File
)
\s Analysis \s BEGIN \R
(^ .* (?<! Analysis \s BEGIN | \d ) \R)*
(?<results>
(^ - \d* .* \: \d+ $ \R?)+
)
`u
EOT
, $stdout, $matches, PREG_SET_ORDER);
return (new \Yasca\Core\IteratorBuilder())->from($matches)->selectKeys(static function ($analysisMatch) {
return [$analysisMatch['results'], $analysisMatch['analysis']];
})->whereRegex(<<<'EOT'
`(*ANY)(?xim)
^ - \d* (?<filename> .* ) : (?<lineNumber> \d+ ) $.
`u
EOT
, \RegexIterator::ALL_MATCHES, 0, PREG_SET_ORDER)->selectMany(function ($results, $analysis) {
if ($analysis === 'XSS') {
$result = $this->newXssResult();
} elseif ($analysis === 'SQL') {
$result = $this->newSqliResult();
} else {
$result = (new \Yasca\Result())->setOptions(['description' => 'Generic File Vulnerability']);
}
return (new \Yasca\Core\IteratorBuilder())->from($results)->select(static function ($match) use($result) {
$r = clone $result;
return $r->setOptions(['pluginName' => 'Pixy', 'lineNumber' => "{$match['lineNumber']}", 'filename' => "{$match['filename']}", 'message' => "{$match['filename']}"]);
});
})->toFunctionPipe()->pipe([Async::_class, 'fromResult']);
});
}
