2019-08-04 16:37:36 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Psalm\Internal\Codebase;
|
|
|
|
|
|
|
|
use Psalm\CodeLocation;
|
|
|
|
use Psalm\Internal\Analyzer\StatementsAnalyzer;
|
2019-10-13 18:34:40 +02:00
|
|
|
use Psalm\Internal\Provider\ClassLikeStorageProvider;
|
|
|
|
use Psalm\Internal\Provider\FileReferenceProvider;
|
|
|
|
use Psalm\Internal\Provider\FileStorageProvider;
|
2020-05-22 04:47:58 +02:00
|
|
|
use Psalm\Internal\Taint\Path;
|
2019-08-14 06:47:57 +02:00
|
|
|
use Psalm\Internal\Taint\Sink;
|
|
|
|
use Psalm\Internal\Taint\Source;
|
2020-05-22 04:47:58 +02:00
|
|
|
use Psalm\Internal\Taint\TaintNode;
|
2019-08-14 06:47:57 +02:00
|
|
|
use Psalm\Internal\Taint\Taintable;
|
2019-08-04 16:37:36 +02:00
|
|
|
use Psalm\IssueBuffer;
|
|
|
|
use Psalm\Issue\TaintedInput;
|
|
|
|
use function array_merge;
|
|
|
|
use function array_merge_recursive;
|
|
|
|
use function strtolower;
|
|
|
|
use UnexpectedValueException;
|
2020-05-22 04:47:58 +02:00
|
|
|
use function count;
|
|
|
|
use function implode;
|
|
|
|
use function substr;
|
|
|
|
use function strlen;
|
|
|
|
use function array_intersect;
|
2019-08-04 16:37:36 +02:00
|
|
|
|
|
|
|
class Taint
|
|
|
|
{
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, Source> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $sources = [];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, TaintNode> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $nodes = [];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, Sink> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $sinks = [];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, array<string, array{array<string>, array<string>}>> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $forward_edges = [];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, array<string, array{array<string>, array<string>}>> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $backward_edges = [];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/** @var array<string, array<string, true>> */
|
2020-05-22 05:43:13 +02:00
|
|
|
private $specialized_calls = [];
|
2019-08-06 20:27:21 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function addSource(Source $node) : void
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2020-05-22 05:43:13 +02:00
|
|
|
$this->sources[$node->id] = $node;
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function addSink(Sink $node) : void
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2020-05-22 05:43:13 +02:00
|
|
|
$this->sinks[$node->id] = $node;
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function addTaintNode(TaintNode $node) : void
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2020-05-22 05:43:13 +02:00
|
|
|
$this->nodes[$node->id] = $node;
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
if ($node->unspecialized_id && $node->specialization_key) {
|
2020-05-22 05:43:13 +02:00
|
|
|
$this->specialized_calls[$node->specialization_key][$node->unspecialized_id] = true;
|
2019-08-14 06:47:57 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2020-05-22 04:47:58 +02:00
|
|
|
* @param array<string> $added_taints
|
|
|
|
* @param array<string> $removed_taints
|
2019-08-14 06:47:57 +02:00
|
|
|
*/
|
2020-05-22 04:47:58 +02:00
|
|
|
public function addPath(
|
|
|
|
Taintable $from,
|
|
|
|
Taintable $to,
|
|
|
|
array $added_taints = [],
|
|
|
|
array $removed_taints = []
|
2019-08-14 06:47:57 +02:00
|
|
|
) : void {
|
2020-05-22 04:47:58 +02:00
|
|
|
$from_id = $from->id;
|
|
|
|
$to_id = $to->id;
|
2019-08-14 06:47:57 +02:00
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
$this->forward_edges[$from_id][$to_id] = [$added_taints, $removed_taints];
|
|
|
|
$this->backward_edges[$to_id][$from_id] = [$added_taints, $removed_taints];
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function getPredecessorPath(Taintable $source) : string
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2019-08-07 00:56:36 +02:00
|
|
|
$location_summary = '';
|
2019-08-06 23:29:44 +02:00
|
|
|
|
2019-08-07 00:56:36 +02:00
|
|
|
if ($source->code_location) {
|
2019-10-19 23:59:10 +02:00
|
|
|
$location_summary = $source->code_location->getShortSummary();
|
2019-08-14 15:52:59 +02:00
|
|
|
}
|
2019-08-06 23:29:44 +02:00
|
|
|
|
2019-10-19 23:59:10 +02:00
|
|
|
$source_descriptor = $source->label . ($location_summary ? ' (' . $location_summary . ')' : '');
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$previous_source = $source->previous;
|
2019-08-14 06:47:57 +02:00
|
|
|
|
|
|
|
if ($previous_source) {
|
2019-08-04 16:37:36 +02:00
|
|
|
if ($previous_source === $source) {
|
2019-08-07 00:56:36 +02:00
|
|
|
return '';
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
return $this->getPredecessorPath($previous_source) . ' -> ' . $source_descriptor;
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return $source_descriptor;
|
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function getSuccessorPath(Taintable $sink) : string
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2019-08-07 00:56:36 +02:00
|
|
|
$location_summary = '';
|
2019-08-06 23:29:44 +02:00
|
|
|
|
2019-08-14 06:47:57 +02:00
|
|
|
if ($sink->code_location) {
|
2019-10-19 23:59:10 +02:00
|
|
|
$location_summary = $sink->code_location->getShortSummary();
|
2019-08-14 15:52:59 +02:00
|
|
|
}
|
2019-08-06 23:29:44 +02:00
|
|
|
|
2019-10-19 23:59:10 +02:00
|
|
|
$sink_descriptor = $sink->label . ($location_summary ? ' (' . $location_summary . ')' : '');
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$next_sink = $sink->previous;
|
2019-08-14 06:47:57 +02:00
|
|
|
|
|
|
|
if ($next_sink) {
|
|
|
|
if ($next_sink === $sink) {
|
2019-08-07 00:56:36 +02:00
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
return $sink_descriptor . ' -> ' . $this->getSuccessorPath($next_sink);
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2019-08-14 06:47:57 +02:00
|
|
|
return $sink_descriptor;
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
public function addThreadData(self $taint) : void
|
2019-08-04 16:37:36 +02:00
|
|
|
{
|
2020-05-22 04:47:58 +02:00
|
|
|
$this->sources += $taint->sources;
|
|
|
|
$this->sinks += $taint->sinks;
|
|
|
|
$this->nodes += $taint->nodes;
|
|
|
|
$this->specialized_calls += $taint->specialized_calls;
|
|
|
|
|
|
|
|
foreach ($taint->forward_edges as $key => $map) {
|
|
|
|
if (!isset($this->forward_edges[$key])) {
|
|
|
|
$this->forward_edges[$key] = $map;
|
|
|
|
} else {
|
|
|
|
$this->forward_edges[$key] = \array_merge(
|
|
|
|
$this->forward_edges[$key],
|
|
|
|
$map
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
2019-10-14 02:10:31 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
foreach ($taint->backward_edges as $key => $map) {
|
|
|
|
if (!isset($this->backward_edges[$key])) {
|
|
|
|
$this->backward_edges[$key] = $map;
|
|
|
|
} else {
|
|
|
|
$this->backward_edges[$key] = \array_merge(
|
|
|
|
$this->backward_edges[$key],
|
|
|
|
$map
|
|
|
|
);
|
2019-10-14 02:10:31 +02:00
|
|
|
}
|
|
|
|
}
|
2020-05-22 04:47:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function connectSinksAndSources() : void
|
|
|
|
{
|
|
|
|
$visited_source_ids = [];
|
|
|
|
//$visited_sink_ids = [];
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
$sources = $this->sources;
|
|
|
|
$sinks = $this->sinks;
|
2020-05-22 04:47:58 +02:00
|
|
|
|
|
|
|
for ($i = 0; count($sinks) && count($sources) && $i < 10; $i++) {
|
|
|
|
$new_sources = [];
|
|
|
|
|
|
|
|
foreach ($sources as $source) {
|
|
|
|
$source_taints = $source->taints;
|
|
|
|
\sort($source_taints);
|
|
|
|
|
|
|
|
$visited_source_ids[$source->id][implode(',', $source_taints)] = true;
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
if (!isset($this->forward_edges[$source->id])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
$source = clone $source;
|
2019-10-14 02:10:31 +02:00
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
if ($source->specialization_key && isset($this->specialized_calls[$source->specialization_key])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
$source->specialized_calls[$source->specialization_key]
|
2020-05-22 05:43:13 +02:00
|
|
|
= $this->specialized_calls[$source->specialization_key];
|
2019-10-14 02:10:31 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$source->id = substr($source->id, 0, -strlen($source->specialization_key) - 1);
|
|
|
|
} else {
|
|
|
|
foreach ($source->specialized_calls as $key => $map) {
|
2020-05-22 05:43:13 +02:00
|
|
|
if (isset($map[$source->id]) && isset($this->forward_edges[$source->id . '-' . $key])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
$source->id = $source->id . '-' . $key;
|
|
|
|
}
|
|
|
|
}
|
2019-10-14 02:10:31 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
if (!isset($this->forward_edges[$source->id])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
continue;
|
|
|
|
}
|
2019-10-14 02:10:31 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
foreach ($this->forward_edges[$source->id] as $to_id => [$added_taints, $removed_taints]) {
|
|
|
|
if (!isset($this->nodes[$to_id])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
continue;
|
|
|
|
}
|
2019-10-14 02:10:31 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_taints = \array_unique(
|
|
|
|
\array_diff(
|
|
|
|
\array_merge($source_taints, $added_taints),
|
|
|
|
$removed_taints
|
|
|
|
)
|
|
|
|
);
|
2019-10-13 18:34:40 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
\sort($new_taints);
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
$destination_node = $this->nodes[$to_id];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
if (isset($visited_source_ids[$to_id][implode(',', $new_taints)])) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-10-14 04:05:16 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
if (isset($sinks[$to_id])) {
|
|
|
|
$matching_taints = array_intersect($sinks[$to_id]->taints, $new_taints);
|
|
|
|
|
|
|
|
if ($matching_taints && $source->code_location) {
|
|
|
|
if (IssueBuffer::accepts(
|
|
|
|
new TaintedInput(
|
|
|
|
'Detected tainted ' . implode(', ', $matching_taints)
|
|
|
|
. ' in path: ' . $this->getPredecessorPath($source)
|
|
|
|
. ' -> ' . $this->getSuccessorPath($sinks[$to_id]),
|
2020-05-22 05:43:13 +02:00
|
|
|
$sinks[$to_id]->code_location ?: $source->code_location
|
2020-05-22 04:47:58 +02:00
|
|
|
)
|
|
|
|
)) {
|
|
|
|
// fall through
|
|
|
|
}
|
|
|
|
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
2019-10-14 04:05:16 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_destination = clone $destination_node;
|
|
|
|
$new_destination->previous = $source;
|
|
|
|
$new_destination->taints = $new_taints;
|
|
|
|
$new_destination->specialized_calls = $source->specialized_calls;
|
2019-10-14 04:05:16 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_sources[$to_id] = $new_destination;
|
|
|
|
}
|
2019-10-14 04:05:16 +02:00
|
|
|
}
|
2019-10-13 18:34:40 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
/**
|
|
|
|
$new_sinks = [];
|
2019-10-14 04:05:16 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
foreach ($sinks as $sink) {
|
|
|
|
$sink_taints = $sink->taints;
|
|
|
|
\sort($sink_taints);
|
2019-10-14 04:05:16 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$visited_sink_ids[$sink->id][implode(',', $sink_taints)] = true;
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
if (!isset($this->backward_edges[$sink->id])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
continue;
|
2019-10-13 18:34:40 +02:00
|
|
|
}
|
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
foreach ($this->backward_edges[$sink->id] as $from_id => [$added_taints, $removed_taints]) {
|
|
|
|
if (!isset($this->nodes[$from_id])) {
|
2020-05-22 04:47:58 +02:00
|
|
|
continue;
|
|
|
|
}
|
2019-10-13 18:34:40 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_taints = \array_unique(
|
|
|
|
\array_diff(
|
|
|
|
\array_merge($sink_taints, $added_taints),
|
|
|
|
$removed_taints
|
|
|
|
)
|
|
|
|
);
|
2019-10-13 18:34:40 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
\sort($new_taints);
|
2019-10-13 18:34:40 +02:00
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
$destination_node = $this->nodes[$from_id];
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
if (isset($visited_sink_ids[$from_id][implode(',', $new_taints)])) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
if (isset($sources[$from_id])) {
|
|
|
|
$matching_taints = array_intersect($sources[$from_id]->taints, $new_taints);
|
|
|
|
|
|
|
|
if ($matching_taints) {
|
|
|
|
if (IssueBuffer::accepts(
|
|
|
|
new TaintedInput(
|
|
|
|
'Detected taints ' . implode(', ', $matching_taints)
|
|
|
|
. ' in path: ' . $this->getPredecessorPath($sources[$from_id])
|
|
|
|
. ' -> ' . $this->getSuccessorPath($sink),
|
|
|
|
$sink->code_location
|
|
|
|
)
|
|
|
|
)) {
|
|
|
|
// fall through
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} elseif (isset($new_sources[$from_id])) {
|
|
|
|
$matching_taints = array_intersect($new_sources[$from_id]->taints, $new_taints);
|
|
|
|
|
|
|
|
if ($matching_taints) {
|
|
|
|
if (IssueBuffer::accepts(
|
|
|
|
new TaintedInput(
|
|
|
|
'Detected taints ' . implode(', ', $matching_taints)
|
|
|
|
. ' in path: ' . $this->getPredecessorPath($new_sources[$from_id])
|
|
|
|
. ' -> ' . $this->getSuccessorPath($sink),
|
|
|
|
$sink->code_location
|
|
|
|
)
|
|
|
|
)) {
|
|
|
|
// fall through
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 05:43:13 +02:00
|
|
|
$new_destination = clone $this->nodes[$from_id];
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_destination->taints = $new_taints;
|
|
|
|
$new_destination->previous = $sink;
|
|
|
|
$new_destination->specialized_calls = $source->specialized_calls;
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$new_sinks[$from_id] = $new_destination;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$sinks = $new_sinks;
|
|
|
|
*/
|
2019-08-04 16:37:36 +02:00
|
|
|
|
2020-05-22 04:47:58 +02:00
|
|
|
$sources = $new_sources;
|
|
|
|
}
|
2019-08-04 16:37:36 +02:00
|
|
|
}
|
|
|
|
}
|