/** * 获取concat中的所有变量名 * @param Node $node */ private static function getConcatParamsNode($node) { $retArr = array(); if ($node->getType() != "Expr_BinaryOp_Concat") { return $retArr; } $symbol = new ConcatSymbol(); $symbol->setItemByNode($node); $items = $symbol->getItems(); foreach ($items as $item) { if ($item instanceof ValueSymbol) { continue; } array_push($retArr, $item->getValue()); } return $retArr; }
public function leaveNode(Node $node) { global $SECURES_TYPE_ALL; if (!$node instanceof Node) { return null; } if ($node->getType() == 'Stmt_Return') { $part = $node->expr; if (SymbolUtils::isValue($part)) { //return value if (!is_array($this->sanitiInfo['type'])) { $this->sanitiInfo['type'] = array($this->sanitiInfo['type']); } $type = array_intersect($this->sanitiInfo['type'], $SECURES_TYPE_ALL); $this->sanitiInfo = array(true, 'type' => $type); } elseif (SymbolUtils::isVariable($part)) { //return variable $context = Context::getInstance(); $funcBody = $context->getFunctionBody($this->funcName); if (!$funcBody) { return null; } $nodes = $funcBody->stmts; $cfg = new CFGGenerator(); $block = $cfg->CFGBuilder($nodes, NULL, NULL, NULL); $ret = $this->sanitiMultiBlockHandler($node->expr, $block); if ($ret[0]) { $type = array_intersect($this->sanitiInfo['type'], $ret['type']); $this->sanitiInfo = array(true, 'type' => $type); } else { $this->sanitiInfo = null; } } elseif (SymbolUtils::isConstant($part)) { //return constant $type = array_intersect($this->sanitiInfo['type'], $SECURES_TYPE_ALL); $this->sanitiInfo = array(true, 'type' => $type); } elseif (SymbolUtils::isArrayDimFetch($part)) { //return array $context = Context::getInstance(); $funcBody = $context->getFunctionBody($this->funcName); if (!$funcBody) { return null; } $nodes = $funcBody->stmts; $cfg = new CFGGenerator(); $block = $cfg->CFGBuilder($nodes, NULL, NULL, NULL); $ret = $this->sanitiMultiBlockHandler($node->expr, $block); if ($ret[0]) { $type = array_intersect($this->sanitiInfo['type'], $ret['type']); $this->sanitiInfo = array(true, 'type' => $type); } else { $this->sanitiInfo = null; } } elseif (SymbolUtils::isConcat($part)) { //return concat $concat = new ConcatSymbol(); $concat->setItemByNode($part); $items = $concat->getItems(); if (!$items) { return null; } $context = Context::getInstance(); $funcBody = $context->getFunctionBody($this->funcName); if (!$funcBody) { return null; } $nodes = $funcBody->stmts; $cfg = new CFGGenerator(); $block = $cfg->CFGBuilder($nodes, NULL, NULL, NULL); $retarr = $SECURES_TYPE_ALL; foreach ($items as $item) { $ret = $this->sanitiMultiBlockHandler($item, $block); if ($ret[0]) { $retarr = array_intersect($retarr, $ret['type']); } else { $this->sanitiInfo = array(false); break; } } $this->sanitiInfo = array(true, 'type' => $retarr); } else { //处理函数调用 if ($part->getType() == 'Expr_FuncCall' || $part->getType() == 'Expr_MethodCall' || $part->getType() == 'Expr_StaticCall') { $ret = SanitizationHandler::SantiniFuncHandler($part, $this->fileSummary); if ($ret) { $saniType = $ret->getSanitiType(); if (is_array($saniType[0])) { $saniType = $saniType[0]; } $type = array_intersect($this->sanitiInfo['type'], $saniType); $this->sanitiInfo = array(true, 'type' => $type); } } } } else { return null; } }