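/**
 * Record sanitization information for the call in $node on the given data flow.
 *
 * When self::SantiniFuncHandler() returns a truthy result for the call, this method:
 *   1. seeds the data flow's value from the first call argument if no value is set yet;
 *   2. traces every call parameter back through the block's data-flow map and, only
 *      when every parameter traces back as sanitized, copies the collected sanitizer
 *      records onto the data flow's location;
 *   3. adds the call's own sanitization info to the data flow's location.
 * SanitizationHandler::clearSantiInfo() is always called afterwards, whether or not
 * the handler matched.
 *
 * @param Node  $node        call node being analysed
 * @param mixed $dataFlow    data-flow record; getValue(), setValue() and getLocation() are used
 * @param mixed $block       block whose summary supplies the data-flow map
 * @param mixed $fileSummary passed through unchanged to the handlers
 */
public static function setSanitiInfo($node, $dataFlow, $block, $fileSummary)
{
    // Keep the handler result. The previous code assigned null to $sanitiInfo right
    // after this call, which made the whole branch below unreachable, so this method
    // never recorded any sanitization.
    // NOTE(review): presumably consumers read these records as "this input was
    // sanitized" — confirm SantiniFuncHandler() only matches genuine sanitizers,
    // because a wrong match here would hide a finding rather than add one.
    $sanitiInfo = self::SantiniFuncHandler($node, $fileSummary);

    if ($sanitiInfo) {
        // Default the tracked value to the symbol of the first argument.
        $args = NodeUtils::getFuncParamsNode($node);
        if (count($args) > 0 && !$dataFlow->getValue()) {
            $dataFlow->setValue(SymbolUtils::getSymbolByNode($args[0]));
        }

        // Trace each parameter upwards and collect the sanitization info already
        // recorded for the same variable.
        $funcParams = NodeUtils::getNodeFuncParams($node);
        $sameVarSanitiInfo = array();
        foreach ($funcParams as $param) {
            // The map is re-read and reversed for every parameter, as before; whether
            // the traceback helper can change it is not visible from here.
            $dataFlows = array_reverse($block->getBlockSummary()->getDataFlowMap());
            $ret = self::sanitiSameVarMultiBlockHandler($param, $block, $dataFlows, $fileSummary);

            // One unsanitized parameter means nothing inherited may be trusted:
            // discard everything collected so far and stop tracing.
            if (!$ret[0]) {
                $sameVarSanitiInfo = array();
                break;
            }
            $sameVarSanitiInfo = array_merge($sameVarSanitiInfo, $ret['funcs']);
        }

        // Attach the inherited records, then the record for this call itself. The
        // call's own record is added even when the inherited list was discarded.
        foreach ($sameVarSanitiInfo as $oneFunction) {
            $dataFlow->getLocation()->addSanitization($oneFunction);
        }
        $dataFlow->getLocation()->addSanitization($sanitiInfo);
    }

    // Remove records for functions that counteract sanitization (author's
    // description); the actual rule lives in clearSantiInfo().
    $funcName = NodeUtils::getNodeFunctionName($node);
    SanitizationHandler::clearSantiInfo($funcName, $node, $dataFlow);
}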