/**
 * Reports whether at least one entry of $funcs is a shell sanitising function.
 *
 * NOTE(review): despite the generic name, the only predicate consulted is
 * SanitisingFunctions::isShellSanitisingFunction(). Sanitisers for other sink
 * types never make this return true; confirm callers use it only for
 * shell/command sinks.
 *
 * @param array $funcs Entries to test (presumably function names; confirm against callers).
 * @return bool True as soon as one entry is a shell sanitiser, false otherwise (including for an empty array).
 */
protected function containsSanitisingFunction(array $funcs)
{
    $found = false;

    foreach ($funcs as $candidate) {
        if (SanitisingFunctions::isShellSanitisingFunction($candidate)) {
            $found = true;
            break; // one match is enough
        }
    }

    return $found;
}
/**
 * Resolves the taint of a call to a sanitising (or sanitiser-reversing) function.
 *
 * Every argument expression is resolved with resolveExprTaint(). When the called
 * function is a known sanitiser, its name is recorded on that argument's result.
 * When it instead reverses a sanitiser, the affected sanitiser is removed from
 * the result's list. The per-argument results are then combined by
 * mergeAnalysisResults().
 *
 * NOTE(review): the sanitiser is credited to every argument, not only the one
 * the function actually sanitises. If mergeAnalysisResults() unions the
 * sanitiser lists, a tainted non-subject argument could be reported as
 * sanitised (a false negative); confirm against the merge logic.
 * NOTE(review): the objects returned by resolveExprTaint() are mutated in place.
 * If that method can return a shared or cached instance, the sanitiser would
 * leak onto the original variable's taint; confirm it returns a fresh result.
 * NOTE(review): assumes $exp->name is a Name node exposing getLast(); a call
 * through an expression (e.g. a variable function) would not. Verify callers
 * filter those out.
 *
 * @param Expr\FuncCall $exp The function-call node to analyse.
 * @return mixed Whatever mergeAnalysisResults() returns for the argument results.
 */
protected function resolveSanitisationFuncCall(Expr\FuncCall $exp)
{
    $calledName = $exp->name->getLast();
    $argumentTaints = array();

    foreach ($exp->args as $argument) {
        $argumentTaint = $this->resolveExprTaint($argument->value);

        if (SanitisingFunctions::isSanitisingFunction($calledName)) {
            $argumentTaint->addSanitisingFunction($calledName);
        } elseif (SanitisingFunctions::isSanitisingReverseFunction($calledName)) {
            // A reversing function undoes one specific sanitiser: drop it from the list.
            $undone = SanitisingFunctions::getAffectedSanitiser($calledName);
            // array_diff() keeps the original keys, so the list may no longer be 0-indexed.
            $remaining = array_diff($argumentTaint->getSanitisingFunctions(), array($undone));
            $argumentTaint->setSanitisingFunctions($remaining);
        }

        $argumentTaints[] = $argumentTaint;
    }

    return $this->mergeAnalysisResults($argumentTaints);
}