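/**
 * Populate the UserSanitizeFuncConetxt singleton with the user-defined sanitize functions.
 *
 * A serialized copy from a previous run is read from CURR_PATH/data/sanitizeFuncConetxtSerialData
 * when present and valid; otherwise every path in the global $allFiles list is parsed and
 * traversed, and the resulting context is serialized via serializeContext() for the next run.
 *
 * @return void
 */
public function getUserSanitizeFuncConetxt()
{
    $cacheFile = CURR_PATH . "/data/sanitizeFuncConetxtSerialData";
    // Fast path: reuse the serialized context from a previous run.
    // is_file() avoids the warning file_get_contents() emits for a missing cache, and the
    // `!== false` check keeps a read failure from being mistaken for an empty file.
    if (is_file($cacheFile) && ($serial_str = file_get_contents($cacheFile)) !== false && $serial_str !== '') {
        // SECURITY(review): unserialize() of a file under CURR_PATH/data. The stored payload
        // may contain objects, so allowed_classes cannot be narrowed here without knowing the
        // stored types; the data directory must not be writable by untrusted users. A corrupt
        // cache (unserialize() === false) is no longer assigned to the context - it falls
        // through to a full rebuild instead.
        $sanitizeFunctions = unserialize($serial_str);
        if ($sanitizeFunctions !== false) {
            $funcContext = UserSanitizeFuncConetxt::getInstance();
            $funcContext->sanitizeFunctions = $sanitizeFunctions;
            return;
        }
    }

    global $allFiles;
    foreach ($allFiles as $filePath) {
        $this->visitor->filePath = $filePath;
        $code = file_get_contents($filePath);
        if ($code === false) {
            // Unreadable source file: skip it, just as an unparsable file is skipped below.
            continue;
        }
        try {
            $stmts = $this->parser->parse($code);
        } catch (PhpParser\Error $e) {
            // Parse error: skip this file rather than abort the whole scan.
            continue;
        }
        $this->traverser->traverse($stmts); // walk the AST; the visitor collects sanitize functions
    }

    $funcContext = UserSanitizeFuncConetxt::getInstance();
    // Serialize the context so the next run can take the fast path above.
    $this->serializeContext($funcContext);
}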
/**
 * Check whether $funcName is a built-in sanitize function or a user-defined one already analysed.
 *
 * @param string $funcName function name to look up
 * @return array array(true, 'type' => $types) on a hit, array(false) otherwise
 */
public static function isSecureFunction($funcName)
{
    global $F_SECURES_ARRAY, $F_SECURES_ALL;

    // Built-in sanitize functions are listed flat in $F_SECURES_ALL; $F_SECURES_ARRAY holds
    // one group per sanitize category, each tagged with a '__NAME__' label.
    // NOTE(review): in_array() is used loosely here as in the original; switching to
    // strict=true may change matching if callers pass non-string names - confirm first.
    if (in_array($funcName, $F_SECURES_ALL)) {
        $types = array();
        $groupCount = count($F_SECURES_ARRAY);
        for ($idx = 0; $idx < $groupCount; ++$idx) {
            $group = $F_SECURES_ARRAY[$idx];
            // The '__NAME__' label is itself a value of $group, so a function named like a
            // category label would also match here.
            if (in_array($funcName, $group)) {
                $types[] = $group['__NAME__'];
            }
        }
        return $types ? array(true, 'type' => $types) : array(false);
    }

    // Otherwise consult the cache of user-defined sanitize functions found earlier.
    $info = UserSanitizeFuncConetxt::getInstance()->getFuncSanitizeInfo($funcName);
    return $info ? array(true, 'type' => $info->getSanitiType()) : array(false);
}