def generateWithType(self, urf, params):
file = File()
# Coherence test
for param in params:
if (isinstance(param, Sanitize) and param.constraintType != ""):
for param2 in params:
if (isinstance(param2, Construction) and
(param.constraintType != param2.constraintType)):
return
if (isinstance(param, Sanitize) and param.constraintField != ""):
for param2 in params:
if (isinstance(param2, Construction) and
(param.constraintField != param2.constraintField)):
return
# retreve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, urf + "_URF")
flawCwe = {"CWE_601": "Open_Redirect"}
# Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_" + self.date)
file.addPath("URF")
file.addPath(urf)
# sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, urf))
file.addContent("<?php\n")
#file.addContent("/*\n")
# Adds comments
file.addContent("/* \n" +
("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
# Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
for param in params:
if not safe and isinstance(param, Construction):
file.addContent("//flaw\n") #add this comment if not safe
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
#if injection != "eval" and injection != "include_require":
# #Gets query execution code
# footer = open("./execQuery_" + injection + ".txt", "r")
# execQuery = footer.readlines()
# footer.close()
# #Adds the code for query execution
# for line in execQuery:
# file.addContent(line)
file.addContent("\n\n?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" +
file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(),
flawLine)
self.manifest.endTestCase()
return file
def f_decorator(params, decorators, i):
loop_alert = 0
global function_cpt
global class_cpt
global file_cpt
global postOp
previous = None
previous_var = ""
# print(decorators)
for d in reversed(decorators[i]):
if d.get("type") == "if":
types = [Construction, Sanitize, InputSample]
if type(params[i]) not in types:
continue
# XSS construction sample codes can't use this decorator
if isinstance(params[i], Construction) and "CWE_79_XSS" in params[i].flaws:
continue
if "function" in params[i].code or "class" in params[i].code:
continue
params[i].code[0] = params[i].code[0].replace("\n", "\n\t")
params[i].code[0] = "if(True){\n\t" + params[i].code[0] + "\n}\n"
elif d.get("type") == "loop":
types = [Construction, Sanitize, InputSample]
if type(params[i]) not in types:
continue
# XSS construction code can't use this decorator
if isinstance(params[i], Construction) and "CWE_79_XSS" in params[i].flaws:
continue
if "function" in params[i].code or "class" in params[i].code:
continue
if d.get("kind") == "while":
params[i].code[0] = params[i].code[0].replace("\n", "\n\t")
params[i].code[0] = "\n$loop_cpt=0;\nwhile($loop_cpt++<10){\n\t" + params[i].code[0]
params[i].code[-1] += "\n}\n"
elif d.get("kind") == "for":
params[i].code[0] = params[i].code[0].replace("\n", "\n\t")
params[i].code[0] = "\nfor($loop_cpt=0;$loop_cpt<10;$loop_cpt++){\n\t" + params[i].code[0]
params[i].code[-1] += "\n}\n"
else:
if loop_alert == 0:
print("loop type not specified so it will be ignored for " + str(
type(params[i])) + " (possible options: for,while)")
loop_alert = 1
elif d.get("type") == "function":
types = [Construction, Sanitize, InputSample]
if type(params[i]) not in types:
continue
if isinstance(params[i], Construction) and "CWE_79_XSS" in params[i].flaws:
continue
if previous is not None and previous.get("type") in ["function", "class"]:
print("you can't instantiate function in loop/conditional/function/class structures")
exit(1)
else:
var = re.findall("(\$[a-zA-Z_]+) ?= ?.*", params[i].code[0], re.I)
params[i].code[0] = params[i].code[0].replace("\n", "\n\t")
name = ""
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
for value in set(param.flaws).intersection(param2.flaws):
name = value
name += "__"
for param in params:
for dir in param.path:
name += dir
if len(var) > 0:
var = var[-1]
params[i].code[-1] += "\n\treturn " + str(var) + ";\n}\n" + str(
var) + " = " + name + "_function" + str(
function_cpt) + "($tainted);\n"
else:
if previous is not None and previous.get("type") == "file" and previous_var != "":
params[i].code[-1] += "\n\treturn " + str(previous_var) + ";\n}\n" + str(
previous_var) + " = " + name + "_function" + str(
function_cpt) + "($tainted);\n"
previous_var = ""
else:
params[i].code[-1] += "\n}\n" + "$f_function_var = " + name + "_function" + str(
function_cpt) + "($tainted);\n"
params[i].code[0] = "\nfunction " + name + "_function" + str(function_cpt) + "($tainted){\n\t" + \
params[i].code[0]
function_cpt += 1
elif d.get("type") == "class":
types = [Construction, Sanitize, InputSample]
if type(params[i]) not in types:
continue
if isinstance(params[i], Construction) and "CWE_79_XSS" in params[i].flaws:
continue
if previous is not None and previous.get("type") in ["loop", "if", "function", "class"]:
print("you can't instantiate class in loop/conditional/function/class structures")
exit(1)
else:
var = re.findall("(\$[a-zA-Z_]+) ?= ?.*", params[i].code[0], re.I)
params[i].code[0] = params[i].code[0].replace("\n", "\n\t\t")
name = ""
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
for value in set(param.flaws).intersection(param2.flaws):
name = value
name += "__"
for param in params:
for dir in param.path:
name += dir
params[i].code[0] = "\nclass " + name + "_class" + str(class_cpt) + "{" + \
"\n\tprivate $_data;" + \
"\n\tpublic function __construct($data){" + \
"\n\t\t$this->setData($data);" + \
"\n\t}" + \
"\n\tpublic function setData($data){" + \
"\n\t\t$this->_data = $data;" + \
"\n\t}" + \
"\n\tpublic function a(){" + \
"\n\t\t$tainted = $this->_data;" + \
"\n\t\t" + params[i].code[0]
if len(var) > 0:
var = var[-1]
params[i].code[-1] += "\n\t\treturn " + str(
var) + ";\n\t}\n}\n" + "$a = new " + name + "_class" + str(
class_cpt) + "($tainted);\n" + str(var) + " = $a->a();\n"
else:
if previous is not None and previous.get("type") == "file" and previous_var != "":
params[i].code[-1] += "\n\t\treturn " + str(
previous_var) + ";\n\t}\n}\n" + "$a = new " + name + "_class" + str(
class_cpt) + "($tainted);\n" + str(previous_var) + " = $a->a();\n"
previous_var = ""
else:
params[i].code[-1] += "\n\t}\n}\n" + "$f_class_var = new " + name + "_class" + str(
class_cpt) + "($tainted);\n$f_class_var = $f_class_var->a();\n"
class_cpt += 1
elif d.get("type") == "file":
types = [Construction, Sanitize, InputSample]
if type(params[i]) not in types:
continue
if isinstance(params[i], Construction) and "CWE_79_XSS" in params[i].flaws:
continue
else:
file = File()
file.addContent("<?php\n")
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
for line in copyright:
file.addContent(line)
var = re.findall("(\$[a-zA-Z_]+) ?= ?.*", params[i].code[0], re.I)
if len(var) > 0:
previous_var = var[-1]
file.addContent(params[i].code[0])
file.addContent("\n?>")
name = ""
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
for value in set(param.flaws).intersection(param2.flaws):
name = value
for param in params:
name += "__"
for dir in param.path:
name += dir + "-"
name = name[:-1]
type_param = ""
if isinstance(params[i], InputSample):
type_param = "input"
elif isinstance(params[i], Sanitize):
type_param = "sanitize"
elif isinstance(params[i], Construction):
type_param = "construction"
file.setName(name + "__" + type_param + "_" + str(file_cpt))
params[i].code[0] = "\ninclude_once(\"" + file.getName() + "\");\n"
postOp.append(file)
file_cpt += 1
previous = d
def generateWithType(self, sm, params):
file = File()
# test if the samples need to be generated
if self.revelancyTest(params) == 0:
return None
# retrieve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, sm + "_SM")
# Creates folder tree and sample files if they don't exists
file.addPath("generation_" + self.date)
file.addPath("SM")
file.addPath(sm)
# sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, sm))
file.addContent("<?php\n")
# Adds comments
file.addContent("/* \n" +
("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
# Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
for param in params:
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
file.addContent("\n\n?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" +
file.getName())
self.manifest.beginTestCase("Error_message")
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(),
flawLine)
self.manifest.endTestCase()
return file
def generateWithType(self, IDOR, params):
file = File()
#Build constraints
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, IDOR + "_IDOR") # 1 : safe ,0 : unsafe
flawCwe = {"CWE_862_SQL": "SQL",
"CWE_862_Fopen": "fopen",
"CWE_862_XPath": "XPath"
}
#Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_"+self.date)
file.addPath("IDOR")
file.addPath(IDOR)
#sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, IDOR))
file.addContent("<?php\n")
file.addContent("/*\n")
#Adds comments
file.addContent("/* \n" + ("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
#Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
#Writes the code in the sample file
file.addContent("\n\n")
for param in params:
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
if flawCwe[IDOR] != "fopen":
for param in params:
if isinstance(param, Construction):
if param.prepared == 0 or flawCwe[IDOR] == "XPath":
fileQuery = open("./execQuery_" + flawCwe[IDOR] + ".txt", "r")
execQuery = fileQuery.readlines()
fileQuery.close()
for line in execQuery:
file.addContent(line)
else:
fileQuery = open("./execQuery_" + flawCwe[IDOR] + "_prepared.txt", "r")
execQueryPrepared = fileQuery.readlines()
fileQuery.close()
for line in execQueryPrepared:
file.addContent(line)
file.addContent("\n ?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" + file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(), flawLine)
self.manifest.endTestCase()
return file
def generateWithType(self, urf, params):
file = File()
# Coherence test
for param in params:
if (isinstance(param, Sanitize) and param.constraintType != ""):
for param2 in params:
if (isinstance(param2, Construction) and (param.constraintType != param2.constraintType)):
return
if (isinstance(param, Sanitize) and param.constraintField != ""):
for param2 in params:
if (isinstance(param2, Construction) and (param.constraintField != param2.constraintField)):
return
# retreve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, urf + "_URF")
flawCwe = {"CWE_601": "Open_Redirect"
}
# Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_"+self.date)
file.addPath("URF")
file.addPath(urf)
# sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, urf))
file.addContent("<?php\n")
#file.addContent("/*\n")
# Adds comments
file.addContent("/* \n" + ("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
# Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
for param in params:
if not safe and isinstance(param, Construction) :
file.addContent("//flaw\n") #add this comment if not safe
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
#if injection != "eval" and injection != "include_require":
# #Gets query execution code
# footer = open("./execQuery_" + injection + ".txt", "r")
# execQuery = footer.readlines()
# footer.close()
# #Adds the code for query execution
# for line in execQuery:
# file.addContent(line)
file.addContent("\n\n?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" + file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(), flawLine)
self.manifest.endTestCase()
return file
def generate(self, params):
file = File()
# retrieve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, "CWE_79_XSS")
# Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_" + self.date)
file.addPath("XSS")
file.addPath("CWE_79")
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, "CWE_79"))
# Adds comments
file.addContent("<!-- \n" +
("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("-->\n\n")
# Writes copyright statement in the sample file
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
out = ""
tmp = ""
for param in params:
if isinstance(param, Construction):
for line in open(param.code[0], "r").readlines():
tmp += line
out = tmp + out
tmp = ""
if not safe and isinstance(param, Construction):
tmp = "//flaw" #add this comment if not safe
for line in open(param.code[1], "r").readlines():
tmp += line
else:
for line in param.code:
out += line
out += "\n\n"
#file.addContent("\n\n")
file.addContent(out + tmp)
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" +
file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(),
flawLine)
self.manifest.endTestCase()
return file
def generateWithType(self, injection, params):
file = File()
# test if the samples need to be generated
if self.revelancyTest(params) == 0:
return None
# Coherence test
for param in params:
if (isinstance(param, Sanitize) and param.constraintType != ""):
for param2 in params:
if (isinstance(param2, Construction) and
(param.constraintType != param2.constraintType)):
return
if (isinstance(param, Sanitize) and param.constraintField != ""):
for param2 in params:
if (isinstance(param2, Construction) and
(param.constraintField != param2.constraintField)):
return
# retreve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2,
injection + "_Injection")
flawCwe = {
"CWE_78": "OSCommand",
"CWE_91": "XPath",
"CWE_90": "LDAP",
"CWE_89": "SQL",
"CWE_95": "eval",
"CWE_98": "include_require"
}
# Creates folder tree and sample files if they don't exists
file.addPath("generation_" + self.date)
file.addPath("Injection")
file.addPath(injection)
# sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, injection))
file.addContent("<?php\n")
# Adds comments
file.addContent("/* \n" +
("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
# Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
for param in params:
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
if injection != "CWE_98":
#Gets query execution code
footer = open("./execQuery_" + flawCwe[injection] + ".txt", "r")
execQuery = footer.readlines()
footer.close()
#Adds the code for query execution
for line in execQuery:
file.addContent(line)
file.addContent("\n\n?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" +
file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(),
flawLine)
self.manifest.endTestCase()
return file
def generate(self, params):
file = File()
# retrieve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, "CWE_79_XSS")
# Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_"+self.date)
file.addPath("XSS")
file.addPath("CWE_79")
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, "CWE_79"))
# Adds comments
file.addContent("<!-- \n" + ("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("-->\n\n")
# Writes copyright statement in the sample file
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
out = ""
tmp = ""
for param in params:
if isinstance(param, Construction):
for line in open(param.code[0], "r").readlines():
tmp += line
out = tmp + out
tmp = ""
if not safe and isinstance(param, Construction) :
tmp = "//flaw" #add this comment if not safe
for line in open(param.code[1], "r").readlines():
tmp += line
else:
for line in param.code:
out += line
out += "\n\n"
#file.addContent("\n\n")
file.addContent(out + tmp)
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" + file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(), flawLine)
self.manifest.endTestCase()
return file
def generateWithType(self, sde, params):
file = File()
# test if the samples need to be generated
if self.revelancyTest(params) == 0:
return None
# retreve parameters for safety test
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, sde + "_SDE")
# Creates folder tree and sample files if they don't exists
file.addPath("generation_" + self.date)
file.addPath("SDE")
file.addPath(sde)
# sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, sde))
file.addContent("<?php\n")
#file.addContent("/*\n")
# Adds comments
file.addContent("/* \n" +
("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
# Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
# Writes the code in the sample file
file.addContent("\n\n")
for param in params:
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
#if injection != "eval" and injection != "include_require":
# #Gets query execution code
# footer = open("./execQuery_" + injection + ".txt", "r")
# execQuery = footer.readlines()
# footer.close()
# #Adds the code for query execution
# for line in execQuery:
# file.addContent(line)
file.addContent("\n\n?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" +
file.getName())
#for param in params:
# if isinstance(param, InputSample):
# self.manifest.beginTestCase(param.inputType)
# break
self.manifest.beginTestCase("Sensitive_data")
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(),
flawLine)
self.manifest.endTestCase()
return file
def generateWithType(self, IDOR, params):
file = File()
#Build constraints
safe = None
for param in params:
if isinstance(param, Construction):
for param2 in params:
if isinstance(param2, Sanitize):
safe = self.testSafety(param, param2, IDOR + "_IDOR") # 1 : safe ,0 : unsafe
flawCwe = {"CWE_862_SQL": "SQL",
"CWE_862_Fopen": "fopen",
"CWE_862_XPath": "XPath"
}
#Creates folder tree and sample files if they don't exists
file.addPath("PHPTestSuite_"+self.date)
file.addPath("IDOR")
file.addPath(IDOR)
#sort by safe/unsafe
file.addPath("safe" if safe else "unsafe")
file.setName(self.generateFileName(params, IDOR))
file.addContent("<?php\n")
file.addContent("/*\n")
#Adds comments
file.addContent("/* \n" + ("Safe sample\n" if safe else "Unsafe sample\n"))
for param in params:
file.addContent(param.comment + "\n")
file.addContent("*/\n\n")
# Gets copyright header from file
header = open("./rights_PHP.txt", "r")
copyright = header.readlines()
header.close()
#Writes copyright statement in the sample file
file.addContent("\n\n")
for line in copyright:
file.addContent(line)
#Writes the code in the sample file
file.addContent("\n\n")
for param in params:
if not safe and isinstance(param, Construction) :
file.addContent("//flaw\n") #add this comment if not safe
for line in param.code:
file.addContent(line)
file.addContent("\n\n")
if flawCwe[IDOR] != "fopen":
for param in params:
if isinstance(param, Construction):
if param.prepared == 0 or flawCwe[IDOR] == "XPath":
fileQuery = open("./execQuery_" + flawCwe[IDOR] + ".txt", "r")
execQuery = fileQuery.readlines()
fileQuery.close()
for line in execQuery:
file.addContent(line)
else:
fileQuery = open("./execQuery_" + flawCwe[IDOR] + "_prepared.txt", "r")
execQueryPrepared = fileQuery.readlines()
fileQuery.close()
for line in execQueryPrepared:
file.addContent(line)
file.addContent("\n ?>")
FileManager.createFile(file)
flawLine = 0 if safe else self.findFlaw(file.getPath() + "/" + file.getName())
for param in params:
if isinstance(param, InputSample):
self.manifest.beginTestCase(param.inputType)
break
self.manifest.addFileToTestCase(file.getPath() + "/" + file.getName(), flawLine)
self.manifest.endTestCase()
return file