Skip to content
Permalink
Browse files

Do more taint creation for magic properties

  • Loading branch information...
muglug committed Aug 6, 2019
1 parent 37d9314 commit fc8d2bd563e48b65675646d24de590ef2c8f7013
@@ -417,6 +417,8 @@ public static function analyzeInstance(
* not in that list, fall through
*/
if (!$var_id || !$class_storage->sealed_properties) {
self::taintProperty($statements_analyzer, $stmt, $property_id, $assignment_value_type);
continue;
}
@@ -27,36 +27,44 @@ class Taint
/**
* @var array<string, ?TypeSource>
*/
private $previous_sinks = [];
private static $previous_sinks = [];
/**
* @var array<string, ?TypeSource>
*/
private $previous_sources = [];
private static $previous_sources = [];
/**
* @var array<string, ?TypeSource>
*/
private $archived_sinks = [];
private static $archived_sinks = [];
/**
* @var array<string, ?TypeSource>
*/
private $archived_sources = [];
private static $archived_sources = [];
/**
* @var array<string, array<string>>
*/
private $specializations = [];
public function __construct()
{
self::$previous_sinks = [];
self::$previous_sources = [];
self::$archived_sinks = [];
self::$archived_sources = [];
}
public function hasExistingSink(TypeSource $source) : ?TypeSource
{
return $this->archived_sinks[$source->id] ?? null;
return self::$archived_sinks[$source->id] ?? null;
}
public function hasExistingSource(TypeSource $source) : ?TypeSource
{
return $this->archived_sources[$source->id] ?? null;
return self::$archived_sources[$source->id] ?? null;
}
/**
@@ -68,15 +76,15 @@ public function hasPreviousSink(TypeSource $source, ?array &$suffixes = null) :
$suffixes = $this->specializations[$source->id];
foreach ($suffixes as $suffix) {
if (isset($this->previous_sinks[$source->id . '-' . $suffix])) {
if (isset(self::$previous_sinks[$source->id . '-' . $suffix])) {
return true;
}
}
return false;
}
return isset($this->previous_sinks[$source->id]);
return isset(self::$previous_sinks[$source->id]);
}
/**
@@ -88,15 +96,15 @@ public function hasPreviousSource(TypeSource $source, ?array &$suffixes = null)
$suffixes = $this->specializations[$source->id];
foreach ($suffixes as $suffix) {
if (isset($this->previous_sources[$source->id . '-' . $suffix])) {
if (isset(self::$previous_sources[$source->id . '-' . $suffix])) {
return true;
}
}
return false;
}
return isset($this->previous_sources[$source->id]);
return isset(self::$previous_sources[$source->id]);
}
public function addSpecialization(string $base_id, string $suffix) : void
@@ -146,7 +154,7 @@ public function getPredecessorPath(TypeSource $source) : string
$source_descriptor = $source->id
. ($source->code_location ? ' (' . $source->code_location->getShortSummary() . ')' : '');
if ($previous_source = $this->new_sources[$source->id] ?? $this->archived_sources[$source->id] ?? null) {
if ($previous_source = $this->new_sources[$source->id] ?? self::$archived_sources[$source->id] ?? null) {
if ($previous_source === $source) {
throw new \UnexpectedValueException('bad');
}
@@ -162,7 +170,7 @@ public function getSuccessorPath(TypeSource $source) : string
$source_descriptor = $source->id
. ($source->code_location ? ' (' . $source->code_location->getShortSummary() . ')' : '');
if ($next_source = $this->new_sinks[$source->id] ?? $this->archived_sinks[$source->id] ?? null) {
if ($next_source = $this->new_sinks[$source->id] ?? self::$archived_sinks[$source->id] ?? null) {
return $source_descriptor . ' -> ' . $this->getSuccessorPath($next_source);
}
@@ -230,21 +238,21 @@ public function addThreadData(self $taint) : void
public function clearNewSinksAndSources() : void
{
$this->archived_sinks = array_merge(
$this->archived_sinks,
self::$archived_sinks = array_merge(
self::$archived_sinks,
$this->new_sinks
);
$this->previous_sinks = $this->new_sinks;
self::$previous_sinks = $this->new_sinks;
$this->new_sinks = [];
$this->archived_sources = array_merge(
$this->archived_sources,
self::$archived_sources = array_merge(
self::$archived_sources,
$this->new_sources
);
$this->previous_sources = $this->new_sources;
self::$previous_sources = $this->new_sources;
$this->new_sources = [];
}

0 comments on commit fc8d2bd

Please sign in to comment.
You can’t perform that action at this time.