/** * $GLOBALS["first"]["second"]["third"] =>first[second][third] * @param Node $node * @return GLOBALS注册的变量名 */ public static function getNodeGLOBALSNodeName($node) { if (!$node instanceof Node) { return null; } if ($node->var->var) { $ret = NodeUtils::getNodeStringName($node->dim); return NodeUtils::getNodeGLOBALSNodeName($node->var) . "[" . $ret . "]"; } return NodeUtils::getNodeStringName($node->dim); }
/** * 处理赋值的assign语句,添加至dataFlows中 * @param AST $node * @param DataFlow $dataFlow * @param string $type */ public function assignHandler($node, $dataFlow, $type, $block, $fileSummary) { $part = null; if ($type == "left") { $part = $node->var; } else { if ($type == "right") { $part = $node->expr; } else { return; } } //处理$GLOBALS的赋值 //$GLOBAL['name'] = "chongrui" ; 数据流信息为 $name = "chongrui" ; if ($part && SymbolUtils::isArrayDimFetch($part) && substr(NodeUtils::getNodeStringName($part), 0, 7) == "GLOBALS") { //加入dataFlow $arr = new ArrayDimFetchSymbol(); $arr->setValue($part); if ($type == "left") { $dataFlow->setLocation($arr); $dataFlow->setName(NodeUtils::getNodeGLOBALSNodeName($part)); } else { if ($type == "right") { $dataFlow->setValue($arr); } } return; } //处理赋值语句,存放在DataFlow //处理赋值语句的左边 if ($part && SymbolUtils::isValue($part)) { //在DataFlow加入Location以及name $vs = new ValueSymbol(); $vs->setValueByNode($part); if ($type == "left") { $dataFlow->setLocation($vs); $dataFlow->setName($part->name); } else { if ($type == "right") { $dataFlow->setValue($vs); } } } elseif ($part && SymbolUtils::isVariable($part)) { //加入dataFlow $vars = new VariableSymbol(); $vars->setValue($part); if ($type == "left") { $dataFlow->setLocation($vars); $dataFlow->setName($part->name); } else { if ($type == "right") { $dataFlow->setValue($part); } } } elseif ($part && SymbolUtils::isConstant($part)) { //加入dataFlow $con = new ConstantSymbol(); $con->setValueByNode($part); $con->setName($part->name->parts[0]); if ($type == "left") { $dataFlow->setLocation($con); $dataFlow->setName($part->name); } else { if ($type == "right") { $dataFlow->setValue($con); } } } elseif ($part && SymbolUtils::isArrayDimFetch($part)) { //加入dataFlow $arr = new ArrayDimFetchSymbol(); $arr->setValue($part); if ($type == "left") { $dataFlow->setLocation($arr); $dataFlow->setName(NodeUtils::getNodeStringName($part)); } else { if ($type == "right") { $dataFlow->setValue($arr); } } } elseif ($part && SymbolUtils::isConcat($part)) { $concat = new ConcatSymbol(); $concat->setItemByNode($part); if ($type == "left") { $dataFlow->setLocation($concat); $dataFlow->setName($part->name); } else { if ($type == "right") { $dataFlow->setValue($concat); } } } else { //不属于已有的任何一个symbol类型,如函数调用 if ($part && ($part->getType() == "Expr_FuncCall" || $part->getType() == "Expr_MethodCall" || $part->getType() == "Expr_StaticCall")) { if ($type == "left") { $dataFlow->setLocation($arr); $dataFlow->setName(NodeUtils::getNodeStringName($part)); } else { if ($type == "right") { //处理净化信息和编码信息 SanitizationHandler::setSanitiInfo($part, $dataFlow, $block, $fileSummary); EncodingHandler::setEncodeInfo($part, $dataFlow, $block, $fileSummary); } } } //处理三元表达式 if ($part && $part->getType() == "Expr_Ternary") { BIFuncUtils::ternaryHandler($type, $part, $dataFlow); } } }
/** * 检测GLOBALS的定义 * @param Node $node * @param BasicBlock $block */ private function registerGLOBALSHandler($node, $block) { $registerItem = new RegisterGlobal(); $varName = NodeUtils::getNodeGLOBALSNodeName($node); $registerItem->setName($varName); $registerItem->setIsUrlOverWrite(false); $block->getBlockSummary()->addRegisterGlobalItem($registerItem); }