def check(result):
    """Analyse every class in a parsed result.

    ``result`` is iterated as ``(type, info)`` pairs; entries whose type is
    not ``CLASS`` are ignored.  For each class a context is built with
    ``get_class_ctx``, every magic method reported by ``get_magic_method``
    gets an empty entry in ``ctx['chains']`` and is run through
    ``check_method``, and finally ``build_chains`` is invoked on the
    context.  Returns ``None``; all output is via side effects on ``ctx``.
    """
    for kind, info in result:
        if kind != CLASS:
            continue

        ctx = get_class_ctx(info)
        for magic in get_magic_method(info):
            method_name = magic['name']
            logger.debug(method_name)
            # Seed an empty chain for the method before analysing it
            # (presumably filled in by check_method / build_chains).
            ctx['chains'][method_name] = []
            check_method(magic, ctx=ctx)

        build_chains(context=ctx)
def parser(filename):
    """Parse one PHP source file with phply and return the exported AST.

    A path that does not exist yields an empty dict instead of an error.
    The file is opened in text mode with the platform default encoding.
    ``phply.phplex`` is reloaded before each parse (presumably to discard
    lexer state left behind by the previous file -- TODO confirm).
    """
    if not os.path.exists(filename):
        return {}

    with open(filename) as fh:
        source = fh.read()

    # NOTE(review): reload() is the Python 2 builtin; under Python 3 an
    # importlib.reload alias must be in scope for this line to work.
    reload(phply.phplex)
    logger.debug('Parse file: %s' % filename)
    ast = make_parser().parse(source,
                              lexer=phply.phplex.lexer,
                              tracking=True)
    return export(ast)
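def check_method_call(node_info, ctx=None):
    """Check a method call against the class context's evil-method list.

    :param node_info: call node; only ``node_info['name']`` is read
    :param ctx: class context with ``evil_methods``, ``parsed_methods`` and
        ``methods``; ``None`` disables the check entirely
    :return: the method name when it is listed in ``ctx['evil_methods']``,
        otherwise ``None``

    Only a plain ``str`` name is matched; any other name type is neither
    flagged nor recorded.  A method seen for the first time is added to
    ``parsed_methods``, its definition (looked up in ``ctx['methods']``) is
    analysed with ``check_method``, and the call is re-checked once so that
    anything ``check_method`` adds to ``evil_methods`` is caught.  A name
    with no definition in ``ctx['methods']`` is skipped rather than handed
    to ``check_method`` as ``None`` (same guard as ``check_function_call``).
    """
    if ctx is None:
        return None

    name = node_info['name']
    if not isinstance(name, str):
        # Call target is not a literal name; it cannot be resolved here.
        return None

    logger.debug('Method call: %s' % name)

    if name in ctx['evil_methods']:
        return name

    if name in ctx['parsed_methods']:
        # Already analysed and not evil: nothing new to learn.
        return None

    # Record the name before analysing it; the re-check below then stops
    # after a single extra round instead of recursing again.
    ctx['parsed_methods'].append(name)
    method = ctx['methods'].get(name)
    if not method:
        # Unknown method (not defined in this class context): skip it.
        return None

    check_method(method, ctx=ctx)
    return check_method_call(node_info, ctx=ctx)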
def check_function_call(node_info, **kwargs):
    """check function call

    Flags a call whose name appears in ``DANGEROUS_FUNCTIONS`` or
    ``USER_DEFINED_DANGEROUS_FUNCTION``.  A function seen for the first
    time is recorded in ``PARSED_FUNCTION``, its definition (from
    ``get_function``) is analysed with ``check_function``, and the call is
    re-checked once so that anything ``check_function`` adds to the
    dangerous lists is caught.  ``kwargs`` is accepted but unused, and is
    not forwarded on the re-check.

    NOTE(review): unlike check_method_call there is no ``isinstance(name,
    str)`` guard here; a non-string name is compared against the lists
    as-is.

    :return str or None
    """
    name = node_info['name']

    is_dangerous = (name in DANGEROUS_FUNCTIONS
                    or name in USER_DEFINED_DANGEROUS_FUNCTION)
    if is_dangerous:
        logger.debug('Dangerous function call detected: %s' % name)
        return name

    if name in PARSED_FUNCTION:
        # Already analysed and not dangerous.
        return None

    # Record before analysing so the re-check below terminates.
    PARSED_FUNCTION.append(name)
    func = get_function(name)
    if not func:
        # No definition available for this name: nothing to analyse.
        return None

    check_function(func)
    return check_function_call(node_info)