/** Examine the current PHPParser_Node node against the PHPSandbox configuration for whitelisting trusted code
*
* @param \PHPParser_Node $node The trusted $node to examine
*
* @return null|bool Return false if node must be removed, or null if no changes to the node are made
*/
public function leaveNode(\PHPParser_Node $node)
{
if ($node instanceof \PHPParser_Node_Expr_FuncCall && $node->name instanceof \PHPParser_Node_Name && !$this->sandbox->has_blacklist_funcs()) {
$this->sandbox->whitelist_func($node->name->toString());
} else {
if ($node instanceof \PHPParser_Node_Stmt_Function && is_string($node->name) && $node->name && !$this->sandbox->has_blacklist_funcs()) {
$this->sandbox->whitelist_func($node->name);
} else {
if (($node instanceof \PHPParser_Node_Expr_Variable || $node instanceof \PHPParser_Node_Stmt_StaticVar) && is_string($node->name) && $this->sandbox->has_whitelist_vars() && !$this->sandbox->allow_variables) {
$this->sandbox->whitelist_var($node->name);
} else {
if ($node instanceof \PHPParser_Node_Expr_FuncCall && $node->name instanceof \PHPParser_Node_Name && $node->name->toString() == 'define' && !$this->sandbox->is_defined_func('define') && !$this->sandbox->has_blacklist_consts()) {
$name = isset($node->args[0]) ? $node->args[0] : null;
if ($name && $name instanceof \PHPParser_Node_Arg && $name->value instanceof \PHPParser_Node_Scalar_String && is_string($name->value->value) && $name->value->value) {
$this->sandbox->whitelist_const($name->value->value);
}
} else {
if ($node instanceof \PHPParser_Node_Expr_ConstFetch && $node->name instanceof \PHPParser_Node_Name && !$this->sandbox->has_blacklist_consts()) {
$this->sandbox->whitelist_const($node->name->toString());
} else {
if ($node instanceof \PHPParser_Node_Stmt_Class && is_string($node->name) && !$this->sandbox->has_blacklist_classes()) {
$this->sandbox->whitelist_class($node->name);
} else {
if ($node instanceof \PHPParser_Node_Stmt_Interface && is_string($node->name) && !$this->sandbox->has_blacklist_interfaces()) {
$this->sandbox->whitelist_interface($node->name);
} else {
if ($node instanceof \PHPParser_Node_Stmt_Trait && is_string($node->name) && !$this->sandbox->has_blacklist_traits()) {
$this->sandbox->whitelist_trait($node->name);
} else {
if ($node instanceof \PHPParser_Node_Expr_New && $node->class instanceof \PHPParser_Node_Name && !$this->sandbox->has_blacklist_types()) {
$this->sandbox->whitelist_type($node->class->toString());
} else {
if ($node instanceof \PHPParser_Node_Stmt_Global && $this->sandbox->has_whitelist_vars()) {
foreach ($node->vars as $var) {
/**
* @var \PHPParser_Node_Expr_Variable $var
*/
if ($var instanceof \PHPParser_Node_Expr_Variable) {
$this->sandbox->whitelist_var($var->name);
}
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Namespace) {
if ($node->name instanceof \PHPParser_Node_Name) {
$name = $node->name->toString();
$this->sandbox->check_namespace($name);
if (!$this->sandbox->is_defined_namespace($name)) {
$this->sandbox->define_namespace($name);
}
}
return false;
} else {
if ($node instanceof \PHPParser_Node_Stmt_Use) {
foreach ($node->uses as $use) {
/**
* @var \PHPParser_Node_Stmt_UseUse $use
*/
if ($use instanceof \PHPParser_Node_Stmt_UseUse && $use->name instanceof \PHPParser_Node_Name && (is_string($use->alias) || is_null($use->alias))) {
$name = $use->name->toString();
$this->sandbox->check_alias($name);
if (!$this->sandbox->is_defined_alias($name)) {
$this->sandbox->define_alias($name, $use->alias);
}
}
}
return false;
}
}
}
}
}
}
}
}
}
}
}
}
return null;
}
/** Examine the current PHPParser_Node node against the PHPSandbox configuration for validating sandboxed code
*
* @param \PHPParser_Node $node The sandboxed $node to validate
*
* @throws Error Throws an exception if validation fails
*
* @return \PHPParser_Node|bool|null Return rewritten node, false if node must be removed, or null if no changes to the node are made
*/
public function leaveNode(\PHPParser_Node $node)
{
if ($node instanceof \PHPParser_Node_Arg) {
return new \PHPParser_Node_Expr_FuncCall(new \PHPParser_Node_Name_FullyQualified($node->value instanceof \PHPParser_Node_Expr_Variable ? 'PHPSandbox\\wrapByRef' : 'PHPSandbox\\wrap'), array($node, new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name)))), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Stmt_InlineHTML) {
if (!$this->sandbox->allow_escaping) {
$this->sandbox->validation_error("Sandboxed code attempted to escape to HTML!", Error::ESCAPE_ERROR, $node);
}
} else {
if ($node instanceof \PHPParser_Node_Expr_Cast) {
if (!$this->sandbox->allow_casting) {
$this->sandbox->validation_error("Sandboxed code attempted to cast!", Error::CAST_ERROR, $node);
}
if ($node instanceof \PHPParser_Node_Expr_Cast_Int) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_intval', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Expr_Cast_Double) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_floatval', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Expr_Cast_Bool) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_boolval', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Expr_Cast_Array) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_arrayval', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Expr_Cast_Object) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_objectval', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
}
}
}
}
}
} else {
if ($node instanceof \PHPParser_Node_Expr_FuncCall) {
if ($node->name instanceof \PHPParser_Node_Name) {
$name = strtolower($node->name->toString());
if (!$this->sandbox->check_func($name)) {
$this->sandbox->validation_error("Function failed custom validation!", Error::VALID_FUNC_ERROR, $node);
}
if ($this->sandbox->is_defined_func($name)) {
$args = $node->args;
array_unshift($args, new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String($name)));
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), 'call_func', $args, $node->getAttributes());
}
if ($this->sandbox->overwrite_defined_funcs && in_array($name, PHPSandbox::$defined_funcs)) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_' . $name, array(new \PHPParser_Node_Arg(new \PHPParser_Node_Expr_FuncCall(new \PHPParser_Node_Name(array($name))))), $node->getAttributes());
}
if ($this->sandbox->overwrite_sandboxed_string_funcs && in_array($name, PHPSandbox::$sandboxed_string_funcs)) {
$args = $node->args;
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_' . $name, $args, $node->getAttributes());
}
if ($this->sandbox->overwrite_func_get_args && in_array($name, PHPSandbox::$arg_funcs)) {
if ($name == 'func_get_arg') {
$index = new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_LNumber(0));
if (isset($node->args[0]) && $node->args[0] instanceof \PHPParser_Node_Arg) {
$index = $node->args[0];
}
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_' . $name, array(new \PHPParser_Node_Arg(new \PHPParser_Node_Expr_FuncCall(new \PHPParser_Node_Name(array('func_get_args')))), $index), $node->getAttributes());
}
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_' . $name, array(new \PHPParser_Node_Arg(new \PHPParser_Node_Expr_FuncCall(new \PHPParser_Node_Name(array('func_get_args'))))), $node->getAttributes());
}
} else {
return new \PHPParser_Node_Expr_Ternary(new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), 'check_func', array(new \PHPParser_Node_Arg($node->name)), $node->getAttributes()), $node, new \PHPParser_Node_Expr_ConstFetch(new \PHPParser_Node_Name('null')));
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Function) {
if (!$this->sandbox->allow_functions) {
$this->sandbox->validation_error("Sandboxed code attempted to define function!", Error::DEFINE_FUNC_ERROR, $node);
}
if (!$this->sandbox->check_keyword('function')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'function');
}
if (!$node->name) {
$this->sandbox->validation_error("Sandboxed code attempted to define unnamed function!", Error::DEFINE_FUNC_ERROR, $node, '');
}
if ($this->sandbox->is_defined_func($node->name)) {
$this->sandbox->validation_error("Sandboxed code attempted to redefine function!", Error::DEFINE_FUNC_ERROR, $node, $node->name);
}
if ($node->byRef && !$this->sandbox->allow_references) {
$this->sandbox->validation_error("Sandboxed code attempted to define function return by reference!", Error::BYREF_ERROR, $node);
}
} else {
if ($node instanceof \PHPParser_Node_Expr_Closure) {
if (!$this->sandbox->allow_closures) {
$this->sandbox->validation_error("Sandboxed code attempted to create a closure!", Error::CLOSURE_ERROR, $node);
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Class) {
if (!$this->sandbox->allow_classes) {
$this->sandbox->validation_error("Sandboxed code attempted to define class!", Error::DEFINE_CLASS_ERROR, $node);
}
if (!$this->sandbox->check_keyword('class')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'class');
}
if (!$node->name) {
$this->sandbox->validation_error("Sandboxed code attempted to define unnamed class!", Error::DEFINE_CLASS_ERROR, $node, '');
}
if (!$this->sandbox->check_class($node->name)) {
$this->sandbox->validation_error("Class failed custom validation!", Error::VALID_CLASS_ERROR, $node, $node->name);
}
if ($node->extends instanceof \PHPParser_Node_Name) {
if (!$this->sandbox->check_keyword('extends')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'extends');
}
if (!$node->extends->toString()) {
$this->sandbox->validation_error("Sandboxed code attempted to extend unnamed class!", Error::DEFINE_CLASS_ERROR, $node, '');
}
if (!$this->sandbox->check_class($node->extends->toString(), true)) {
$this->sandbox->validation_error("Class extension failed custom validation!", Error::VALID_CLASS_ERROR, $node, $node->extends->toString());
}
}
if (is_array($node->implements)) {
if (!$this->sandbox->check_keyword('implements')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'implements');
}
foreach ($node->implements as $implement) {
/**
* @var \PHPParser_Node_Name $implement
*/
if (!$implement->toString()) {
$this->sandbox->validation_error("Sandboxed code attempted to implement unnamed interface!", Error::DEFINE_INTERFACE_ERROR, $node, '');
}
if (!$this->sandbox->check_interface($implement->toString())) {
$this->sandbox->validation_error("Interface failed custom validation!", Error::VALID_INTERFACE_ERROR, $node, $implement->toString());
}
}
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Interface) {
if (!$this->sandbox->allow_interfaces) {
$this->sandbox->validation_error("Sandboxed code attempted to define interface!", Error::DEFINE_INTERFACE_ERROR, $node);
}
if (!$this->sandbox->check_keyword('interface')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'interface');
}
if (!$node->name) {
$this->sandbox->validation_error("Sandboxed code attempted to define unnamed interface!", Error::DEFINE_INTERFACE_ERROR, $node, '');
}
if (!$this->sandbox->check_interface($node->name)) {
$this->sandbox->validation_error("Interface failed custom validation!", Error::VALID_INTERFACE_ERROR, $node, $node->name);
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Trait) {
if (!$this->sandbox->allow_traits) {
$this->sandbox->validation_error("Sandboxed code attempted to define trait!", Error::DEFINE_TRAIT_ERROR, $node);
}
if (!$this->sandbox->check_keyword('trait')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'trait');
}
if (!$node->name) {
$this->sandbox->validation_error("Sandboxed code attempted to define unnamed trait!", Error::DEFINE_TRAIT_ERROR, $node, '');
}
if (!$this->sandbox->check_trait($node->name)) {
$this->sandbox->validation_error("Trait failed custom validation!", Error::VALID_TRAIT_ERROR, $node, $node->name);
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_TraitUse) {
if (!$this->sandbox->check_keyword('use')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'use');
}
if (is_array($node->traits)) {
foreach ($node->traits as $trait) {
/**
* @var \PHPParser_Node_Name $trait
*/
if (!$trait->toString()) {
$this->sandbox->validation_error("Sandboxed code attempted to use unnamed trait!", Error::DEFINE_TRAIT_ERROR, $node, '');
}
if (!$this->sandbox->check_trait($trait->toString())) {
$this->sandbox->validation_error("Trait failed custom validation!", Error::VALID_TRAIT_ERROR, $node, $trait->toString());
}
}
}
} else {
if ($node instanceof \PHPParser_Node_Expr_Yield) {
if (!$this->sandbox->allow_generators) {
$this->sandbox->validation_error("Sandboxed code attempted to create a generator!", Error::GENERATOR_ERROR, $node);
}
if (!$this->sandbox->check_keyword('yield')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'yield');
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Global) {
if (!$this->sandbox->allow_globals) {
$this->sandbox->validation_error("Sandboxed code attempted to use global keyword!", Error::GLOBALS_ERROR, $node);
}
if (!$this->sandbox->check_keyword('global')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'global');
}
foreach ($node->vars as $var) {
/**
* @var \PHPParser_Node_Expr_Variable $var
*/
if ($var instanceof \PHPParser_Node_Expr_Variable) {
if (!$this->sandbox->check_global($var->name)) {
$this->sandbox->validation_error("Global failed custom validation!", Error::VALID_GLOBAL_ERROR, $node, $var->name);
}
} else {
$this->sandbox->validation_error("Sandboxed code attempted to pass non-variable to global keyword!", Error::DEFINE_GLOBAL_ERROR, $node);
}
}
} else {
if ($node instanceof \PHPParser_Node_Expr_Variable) {
if (!is_string($node->name)) {
$this->sandbox->validation_error("Sandboxed code attempted dynamically-named variable call!", Error::DYNAMIC_VAR_ERROR, $node);
}
if ($node->name == $this->sandbox->name) {
$this->sandbox->validation_error("Sandboxed code attempted to access the PHPSandbox instance!", Error::SANDBOX_ACCESS_ERROR, $node);
}
if (in_array($node->name, PHPSandbox::$superglobals)) {
if (!$this->sandbox->check_superglobal($node->name)) {
$this->sandbox->validation_error("Superglobal failed custom validation!", Error::VALID_SUPERGLOBAL_ERROR, $node, $node->name);
}
if ($this->sandbox->overwrite_superglobals) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_get_superglobal', array(new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String($node->name))), $node->getAttributes());
}
} else {
if (!$this->sandbox->check_var($node->name)) {
$this->sandbox->validation_error("Variable failed custom validation!", Error::VALID_VAR_ERROR, $node, $node->name);
}
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_StaticVar) {
if (!$this->sandbox->allow_static_variables) {
$this->sandbox->validation_error("Sandboxed code attempted to create static variable!", Error::STATIC_VAR_ERROR, $node);
}
if (!is_string($node->name)) {
$this->sandbox->validation_error("Sandboxed code attempted dynamically-named static variable call!", Error::DYNAMIC_STATIC_VAR_ERROR, $node);
}
if (!$this->sandbox->check_var($node->name)) {
$this->sandbox->validation_error("Variable failed custom validation!", Error::VALID_VAR_ERROR, $node, $node->name);
}
if ($node->default instanceof \PHPParser_Node_Expr_New) {
$node->default = $node->default->args[0];
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Const) {
$this->sandbox->validation_error("Sandboxed code cannot use const keyword in the global scope!", Error::GLOBAL_CONST_ERROR, $node);
} else {
if ($node instanceof \PHPParser_Node_Expr_ConstFetch) {
if (!$node->name instanceof \PHPParser_Node_Name) {
$this->sandbox->validation_error("Sandboxed code attempted dynamically-named constant call!", Error::DYNAMIC_CONST_ERROR, $node);
}
if (!$this->sandbox->check_const($node->name->toString())) {
$this->sandbox->validation_error("Constant failed custom validation!", Error::VALID_CONST_ERROR, $node, $node->name->toString());
}
} else {
if ($node instanceof \PHPParser_Node_Expr_ClassConstFetch || $node instanceof \PHPParser_Node_Expr_StaticCall || $node instanceof \PHPParser_Node_Expr_StaticPropertyFetch) {
$class = $node->class;
if (!$class instanceof \PHPParser_Node_Name) {
$this->sandbox->validation_error("Sandboxed code attempted dynamically-named class call!", Error::DYNAMIC_CLASS_ERROR, $node);
}
if ($this->sandbox->is_defined_class($class)) {
$node->class = new \PHPParser_Node_Name($this->sandbox->get_defined_class($class));
}
/**
* @var \PHPParser_Node_Name $class
*/
if (!$this->sandbox->check_class($class->toString())) {
$this->sandbox->validation_error("Class constant failed custom validation!", Error::VALID_CLASS_ERROR, $node, $class->toString());
}
return $node;
} else {
if ($node instanceof \PHPParser_Node_Param && $node->type instanceof \PHPParser_Node_Name) {
$class = $node->type->toString();
if ($this->sandbox->is_defined_class($class)) {
$node->type = new \PHPParser_Node_Name($this->sandbox->get_defined_class($class));
}
return $node;
} else {
if ($node instanceof \PHPParser_Node_Expr_New) {
if (!$this->sandbox->allow_objects) {
$this->sandbox->validation_error("Sandboxed code attempted to create object!", Error::CREATE_OBJECT_ERROR, $node);
}
if (!$this->sandbox->check_keyword('new')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'new');
}
if (!$node->class instanceof \PHPParser_Node_Name) {
$this->sandbox->validation_error("Sandboxed code attempted dynamically-named class call!", Error::DYNAMIC_CLASS_ERROR, $node);
}
$class = $node->class->toString();
if ($this->sandbox->is_defined_class($class)) {
$node->class = new \PHPParser_Node_Name($this->sandbox->get_defined_class($class));
}
$this->sandbox->check_type($class);
return $node;
} else {
if ($node instanceof \PHPParser_Node_Expr_ErrorSuppress) {
if (!$this->sandbox->allow_error_suppressing) {
$this->sandbox->validation_error("Sandboxed code attempted to suppress error!", Error::ERROR_SUPPRESS_ERROR, $node);
}
} else {
if ($node instanceof \PHPParser_Node_Expr_AssignRef) {
if (!$this->sandbox->allow_references) {
$this->sandbox->validation_error("Sandboxed code attempted to assign by reference!", Error::BYREF_ERROR, $node);
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_HaltCompiler) {
if (!$this->sandbox->allow_halting) {
$this->sandbox->validation_error("Sandboxed code attempted to halt compiler!", Error::HALT_ERROR, $node);
}
if (!$this->sandbox->check_keyword('halt')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'halt');
}
} else {
if ($node instanceof \PHPParser_Node_Stmt_Namespace) {
if (!$this->sandbox->allow_namespaces) {
$this->sandbox->validation_error("Sandboxed code attempted to define namespace!", Error::DEFINE_NAMESPACE_ERROR, $node);
}
if (!$this->sandbox->check_keyword('namespace')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'namespace');
}
if ($node->name instanceof \PHPParser_Node_Name) {
$namespace = $node->name->toString();
$this->sandbox->check_namespace($namespace);
if (!$this->sandbox->is_defined_namespace($namespace)) {
$this->sandbox->define_namespace($namespace);
}
} else {
$this->sandbox->validation_error("Sandboxed code attempted use invalid namespace!", Error::DEFINE_NAMESPACE_ERROR, $node);
}
return $node->stmts;
} else {
if ($node instanceof \PHPParser_Node_Stmt_Use) {
if (!$this->sandbox->allow_aliases) {
$this->sandbox->validation_error("Sandboxed code attempted to use namespace and/or alias!", Error::DEFINE_ALIAS_ERROR, $node);
}
if (!$this->sandbox->check_keyword('use')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'use');
}
foreach ($node->uses as $use) {
/**
* @var \PHPParser_Node_Stmt_UseUse $use
*/
if ($use instanceof \PHPParser_Node_Stmt_UseUse && $use->name instanceof \PHPParser_Node_Name && (is_string($use->alias) || is_null($use->alias))) {
$this->sandbox->check_alias($use->name->toString());
if ($use->alias) {
if (!$this->sandbox->check_keyword('as')) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, 'as');
}
}
$this->sandbox->define_alias($use->name->toString(), $use->alias);
} else {
$this->sandbox->validation_error("Sandboxed code attempted use invalid namespace or alias!", Error::DEFINE_ALIAS_ERROR, $node);
}
}
return false;
} else {
if ($node instanceof \PHPParser_Node_Expr_ShellExec) {
if ($this->sandbox->is_defined_func('shell_exec')) {
$args = array(new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String('shell_exec')), new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String(implode('', $node->parts))));
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), 'call_func', $args, $node->getAttributes());
}
if ($this->sandbox->has_whitelist_funcs()) {
if (!$this->sandbox->is_whitelisted_func('shell_exec')) {
$this->sandbox->validation_error("Sandboxed code attempted to use shell execution backticks when the shell_exec function is not whitelisted!", Error::BACKTICKS_ERROR, $node);
}
} else {
if ($this->sandbox->has_blacklist_funcs() && $this->sandbox->is_blacklisted_func('shell_exec')) {
$this->sandbox->validation_error("Sandboxed code attempted to use shell execution backticks when the shell_exec function is blacklisted!", Error::BACKTICKS_ERROR, $node);
}
}
if (!$this->sandbox->allow_backticks) {
$this->sandbox->validation_error("Sandboxed code attempted to use shell execution backticks!", Error::BACKTICKS_ERROR, $node);
}
} else {
if ($name = $this->is_magic_const($node)) {
if (!$this->sandbox->check_magic_const($name)) {
$this->sandbox->validation_error("Magic constant failed custom validation!", Error::VALID_MAGIC_CONST_ERROR, $node, $name);
}
if ($this->sandbox->is_defined_magic_const($name)) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_get_magic_const', array(new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String($name))), $node->getAttributes());
}
} else {
if ($name = $this->is_keyword($node)) {
if (!$this->sandbox->check_keyword($name)) {
$this->sandbox->validation_error("Keyword failed custom validation!", Error::VALID_KEYWORD_ERROR, $node, $name);
}
if ($node instanceof \PHPParser_Node_Expr_Include && !$this->sandbox->allow_includes) {
$this->sandbox->validation_error("Sandboxed code attempted to include files!", Error::INCLUDE_ERROR, $node, $name);
} else {
if ($node instanceof \PHPParser_Node_Expr_Include && ($node->type == \PHPParser_Node_Expr_Include::TYPE_INCLUDE && $this->sandbox->is_defined_func('include') || $node->type == \PHPParser_Node_Expr_Include::TYPE_INCLUDE_ONCE && $this->sandbox->is_defined_func('include_once') || $node->type == \PHPParser_Node_Expr_Include::TYPE_REQUIRE && $this->sandbox->is_defined_func('require') || $node->type == \PHPParser_Node_Expr_Include::TYPE_REQUIRE_ONCE && $this->sandbox->is_defined_func('require_once'))) {
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), 'call_func', array(new \PHPParser_Node_Arg(new \PHPParser_Node_Scalar_String($name)), new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
} else {
if ($node instanceof \PHPParser_Node_Expr_Include && $this->sandbox->sandbox_includes) {
switch ($node->type) {
case \PHPParser_Node_Expr_Include::TYPE_INCLUDE_ONCE:
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_include_once', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
break;
case \PHPParser_Node_Expr_Include::TYPE_REQUIRE:
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_require', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
break;
case \PHPParser_Node_Expr_Include::TYPE_REQUIRE_ONCE:
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_require_once', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
break;
case \PHPParser_Node_Expr_Include::TYPE_INCLUDE:
default:
return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_include', array(new \PHPParser_Node_Arg($node->expr)), $node->getAttributes());
break;
}
}
}
}
} else {
if ($name = $this->is_operator($node)) {
if (!$this->sandbox->check_operator($name)) {
$this->sandbox->validation_error("Operator failed custom validation!", Error::VALID_OPERATOR_ERROR, $node, $name);
}
} else {
if ($name = $this->is_primitive($node)) {
if (!$this->sandbox->check_primitive($name)) {
$this->sandbox->validation_error("Primitive failed custom validation!", Error::VALID_PRIMITIVE_ERROR, $node, $name);
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
return null;
}