예제 #1
0
 public function __call($name, $arguments)
 {
     if (empty($arguments)) {
         if ($this->taintedToUntainted) {
             $res = call_user_func(array($this->obj, $name));
             $res = attAspisRCO($res);
         } else {
             $res = call_user_func(array($this->obj, $name));
             $guard = AspisFindSourceGuard($name);
             if ($guard != "") {
                 $res = $guard($res);
             }
             $res = deAspisWarningRC($res);
         }
     } else {
         if ($this->taintedToUntainted) {
             foreach ($arguments as &$v) {
                 $v = deAspisWarningRC($v);
             }
             $res = call_user_func_array(array($this->obj, $name), $arguments);
             $res = attAspisRCO($res);
         } else {
             foreach ($arguments as &$v) {
                 $v = attAspisRCO($v);
             }
             $res = call_user_func_array(array($this->obj, $name), $arguments);
             $guard = AspisFindSourceGuard($name);
             if ($guard != "") {
                 $res = $guard($res);
             }
             $res = deAspisWarningRC($res);
         }
     }
     return $res;
 }
예제 #2
0
function AspisUntaintedDynamicCall()
{
    $f_params = func_get_args();
    $f_name = array_shift($f_params);
    //the caller is tainted
    global $built_in_functions;
    if (empty($built_in_functions)) {
        load_functions();
    }
    global $aspis_taint_details;
    if (empty($aspis_taint_details)) {
        loadTaintDetails();
    }
    $is_function = is_string($f_name);
    if ($is_function && isset($built_in_functions[$f_name])) {
        //TODO: this doesn't and rather can't work with ref parameters.
        //That's because no matter what, I cannot get my hands in refs of the incoming params
        return call_user_func_array($f_name, $f_params);
    } else {
        if ($is_function && isset($aspis_taint_details[0][$f_name])) {
            foreach ($f_params as &$value) {
                $value = attAspisRCO($value);
            }
            $ret = call_user_func_array($f_name, $f_params);
            $guard = AspisFindSourceGuard($f_name);
            if ($guard != "") {
                $ret = $guard($ret);
            }
            return deAspisRCO($ret);
        }
    }
    return call_user_func_array($f_name, $f_params);
}