linked up vulnerability reporter

lib/Phortress/Dephenses/Dephense.php

@@ -64,5 +64,4 @@ private static function isDephense($className) {
 	 */
 	public abstract function run(array $parseTree);
 
-	public abstract function runChecks(array $parseTree);
 }

lib/Phortress/Dephenses/Engine/VulnerabilityReporter.php

@@ -32,5 +32,6 @@ public function getVulnerabilityReport(){
 		foreach($this->vulnerabilityCheckers as $checker){
 			$report = array_merge($report, $checker->getMessages());
 		}
+		return $report;
 	}
 } 

lib/Phortress/Dephenses/Taint.php

@@ -7,9 +7,4 @@ public function run(array $parseTree) {
 
 		return $analyser->analyse();
 	}
-
-	public function runChecks(array $parseTree){
-		$analyser = new Taint\CodeAnalyser($parseTree);
-		return $analyser->runVulnerabilityChecks();
-	}
 }

lib/Phortress/Dephenses/Taint/CodeAnalyser.php

@@ -26,10 +26,7 @@ public function analyse(){
 	        $nodeTaintEnv = $nodeAnalyser->analyse($statement, $currentTaintEnv);
 	        $currentTaintEnv->updateTaintEnvironment($nodeTaintEnv);
         }
+	    return $vulnerabilityReporter->getVulnerabilityReport();
     }
 
-	public function runVulnerabilityChecks(){
-//		$sql_vul_finder = new SQLVulnerabilityFinder($this->parseTree);
-//		return $sql_vul_finder->findVulnerabilities();
-	}
 }

lib/Phortress/Dephenses/Taint/FunctionAnalyser.php

@@ -34,6 +34,7 @@ class FunctionAnalyser{
 	 */
 	protected $functionStmts;
 
+	protected $sinkFunctionCalls = array();
 
 	/**
 	 * Environment where the function was defined
@@ -72,23 +73,31 @@ private function analyseFunction(){
 			$currentTaintEnv->updateTaintEnvironment($nodeTaintEnv);
 		}
 		$this->returnStmtTaintResults = $funcNodeAnalyser->getReturnTaintResult();
+		$this->sinkFunctionCalls = $funcNodeAnalyser->getSinkFunctionCalls();
 	}
 
 	/**
 	 * Takes in an array of Node\Args[]
 	 * Returns an array containing taint value of the value returned by the function,
 	 * and the array of sanitising functions applied
 	 */
-	public function analyseFunctionCall($argMappings){
+	public function analyseFunctionCall($argMappings, $reporter = null){
 		$paramTaintMappings = $this->getParametersToTaintResultMappings($argMappings);
 		$result = new TaintResult(Annotation::UNASSIGNED);
 		foreach($this->returnStmts as $retStmt){
 			$retStmtResult = $this->analyseArgumentsEffectOnReturnStmt($paramTaintMappings, $retStmt);
 			$result->merge($retStmtResult);
 		}
+		if(!empty($reporter)){
+			$this->checkSinkFunctionCalls($argMappings, $reporter);
+		}
 		return $result;
 	}
 
+	private function checkSinkFunctionCalls($argMappings, $reporter){
+
+	}
+
 	private function analyseArgumentsEffectOnReturnStmt($argTaints, Stmt\Return_ $return){
 		$retTaint = $this->returnStmtTaintResults[$return->getLine()];
 		if(empty($retTaint)){

lib/Phortress/Dephenses/Taint/FunctionNodeAnalyser.php

@@ -20,6 +20,11 @@ class FunctionNodeAnalyser extends NodeAnalyser{
 	protected $functionParams = array();
 	protected $returnResults = array();
 
+	/**
+	 * array(int lineNumber => FuncCall functionCall)
+	 */
+	protected $sinkFunctionCalls = array();
+
 	public function __construct($params){
 		$this->functionParams = $params;
 	}
@@ -28,6 +33,10 @@ protected function createTaintResult($taint, $sanitising_funcs = array()){
 		return new FunctionTaintResult($taint, $sanitising_funcs);
 	}
 
+	public function getSinkFunctionCalls(){
+		return $this->sinkFunctionCalls;
+	}
+
 	private function isFunctionParameter($name){
 		foreach($this->functionParams as $param){
 			if($param->name === $name){
@@ -53,8 +62,12 @@ protected function resolveVariableTaint(Variable $var){
 	}
 
 	protected function resolveFuncResultTaint(FuncCall $exp){
-		$result = parent::resolveFuncResultTaint($exp);
 		$args = $exp->args;
+		if(Sinks::isSinkFunction($exp)){
+			$this->sinkFunctionCalls[$exp->getLine()] = $exp;
+			return;
+		}
+		$result = parent::resolveFuncResultTaint($exp);
 		foreach($args as $arg){
 			$argExpName = $arg->value->name;
 			$this->addAffectingParameterToAnalysisResult($result, $argExpName);
@@ -111,11 +124,4 @@ private function addReturnTaintResult(Return_ $ret, FunctionTaintResult $result)
 	public function getReturnTaintResult(){
 		return $this->returnResults;
 	}
-//	protected function mergeAnalysisResults(array $results){
-//		$mergeResult = self::createTaintResult(Annotation::UNASSIGNED);
-//		foreach($results as $result){
-//			$mergeResult->merge($result);
-//		}
-//		return $result;
-//	}
 } 

lib/Phortress/Dephenses/Taint/NodeAnalyser.php

@@ -278,7 +278,7 @@ protected function resolveFuncResultTaint(Expr\FuncCall $exp){
 		}else{
 			$func_analyser = FunctionAnalyser::getFunctionAnalyser($exp->environment, $func_name);
 			$args_with_taints = $this->getArgumentsTaintValuesForAnalysis($exp->args);
-			$analysis_res = $func_analyser->analyseFunctionCall($args_with_taints);
+			$analysis_res = $func_analyser->analyseFunctionCall($args_with_taints, $this->vulnerabilityReporter);
 			return $analysis_res;
 		}
 	}

lib/Phortress/Program.php

@@ -151,7 +151,7 @@ public function verify(array $dephenses = null) {
 
 		$errors = array();
 		foreach ($dephenses as $dephense) {
-			$errors += $dephense->runChecks($this->parseTree);
+			$errors += $dephense->run($this->parseTree);
 		}
 
 		return $errors;