/**
 * Runs the taint analysis over the parse tree and returns the resulting report.
 *
 * Each statement in $this->parseTree is passed to a NodeAnalyser together with
 * the running taint environment; the environment the analyser returns for that
 * statement is then folded back into the running one before the next statement
 * is analysed.
 *
 * @return mixed Whatever VulnerabilityReporter::getVulnerabilityReport() yields
 *               (its type is not visible from this method).
 */
public function analyse()
{
    $reporter = new VulnerabilityReporter();
    $taintEnv = new TaintEnvironment();
    // The analyser reports into the same reporter instance whose report is returned below.
    $analyser = new NodeAnalyser($reporter);

    foreach ($this->parseTree as $stmt) {
        // The environment is updated after every statement, so each statement
        // is analysed against the state left by the ones before it.
        $taintEnv->updateTaintEnvironment($analyser->analyse($stmt, $taintEnv));
    }

    return $reporter->getVulnerabilityReport();
}
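/**
 * Re-checks every recorded sink node against the taints supplied for the parameters.
 *
 * For each sink in $this->sinkNodes, every taint result is copied, merged with
 * the taint of each parameter it is affected by, and the resulting list is
 * handed to the reporter together with the sink's node.
 *
 * @param array                 $paramMappings Map of parameter name => taint to merge in.
 * @param VulnerabilityReporter $reporter      Receives each sink node with its final taints.
 *
 * @return void
 */
private function checkSinkNodes($paramMappings, VulnerabilityReporter $reporter)
{
    foreach ($this->sinkNodes as $sinkNode) {
        $node = $sinkNode->getNode();
        $finalTaints = array();

        foreach ($sinkNode->getTaints() as $sinkTaint) {
            // copy() is taken before merging, presumably so the taint stored on
            // the sink node is not altered by merge() - confirm against TaintResult.
            $taintResult = $sinkTaint->copy();

            foreach ($paramMappings as $paramName => $taint) {
                if ($taintResult->isAffectingParameter($paramName)) {
                    $taintResult->merge($taint);
                }
            }

            // Record the result exactly once, after all parameters were merged.
            // Appending inside the parameter loop added the same object once per
            // parameter and, with an empty $paramMappings, added nothing at all,
            // so the sink was checked against an empty taint list and any taint
            // it already carried went unreported.
            $finalTaints[] = $taintResult;
        }

        $reporter->runNodeVulnerabilityChecks($node, $finalTaints);
    }
}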