search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Adding tests for securing private variable inclussion on templates.
[akelos.git] / vendor / PHPCodeAnalyzer / PHPCodeAnalyzer.php
bloba0f518aeb98d5e10f860f32689b2ae8a786e9af5
1 <?php
2 /**
3 * A class for performing code analysis for php scripts
4 * It is designed to be the heart of a code limiting script
5 * to use with Savant {@link http://phpsavant.com}
6 *
7 * This code should be php4 compatiable but i've only run it in php5 and some of the Tokenizer constants have changed
8 *
9 * @author Joshua Eichorn <josh@bluga.net>
10 * @copyright Joshua Eichorn 2004
11 * @package PHPCodeAnalyzer
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU Lesser General Public License as
15 * published by the Free Software Foundation; either version 2.1 of the
16 * License, or (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
22 *
23 * @license http://www.gnu.org/copyleft/lesser.html LGPL
24 */
25
26 /**#@+
27 * compat tokeniezer defines
28 */
29 if (! defined('T_OLD_FUNCTION')) {
30 define('T_OLD_FUNCTION', T_FUNCTION);
31 }
32 if (!defined('T_ML_COMMENT')) {
33 define('T_ML_COMMENT', T_COMMENT);
34 } else {
35 define('T_DOC_COMMENT', T_ML_COMMENT);
36 }
37 /**#@-*/
38
39 /**
40 * Code Analysis class
41 *
42 * Example Usage:
43 * <code>
44 * $analyzer = new PHPCodeAnalyzer();
45 * $analyzer->source = file_get_contents(__FILE__);
46 * $analyzer->analyze();
47 * print_r($analyzer->calledMethods);
48 * </code>
49 *
50 * @todo is it important to grab the details from creating new functions defines classes?
51 * @todo support php5 only stuff like interface
52 *
53 * @version 0.4
54 * @license http://www.gnu.org/copyleft/lesser.html LGPL
55 * @copyright Joshua Eichorn 2004
56 * @package PHPCodeAnalyzer
57 * @author Joshua Eichorn <josh@bluga.net>
58 */
59 class PHPCodeAnalyzer
60 {
61 /**
62 * Source code to analyze
63 */
64 var $source = "";
65
66 /**
67 * functions called
68 */
69 var $calledFunctions = array();
70
71 /**
72 * Called constructs
73 */
74 var $calledConstructs = array();
75
76 /**
77 * methods called
78 */
79 var $calledMethods = array();
80
81 /**
82 * static methods called
83 */
84 var $calledStaticMethods = array();
85
86 /**
87 * new classes instantiated
88 */
89 var $classesInstantiated = array();
90
91 /**
92 * variables used
93 */
94 var $usedVariables = array();
95
96 /**
97 * member variables used
98 */
99 var $usedMemberVariables = array();
100
101 /**
102 * classes created
103 */
104 var $createdClasses = array();
105
106 /**
107 * functions created
108 */
109 var $createdFunctions = array();
110
111 /**
112 * Files includes or requried
113 */
114 var $filesIncluded = array();
115
116 // private variables
117 /**#@+
118 * @access private
119 */
120 var $currentString = null;
121 var $currentStrings = null;
122 var $currentVar = false;
123 var $staticClass = false;
124 var $inNew = false;
125 var $inInclude = false;
126 var $lineNumber = 1;
127 /**#@-*/
128
129 /**
130 * parse source filling informational arrays
131 */
132 function analyze()
133 {
134 $tokens = token_get_all($this->source);
135
136 // mapping of token to method to call
137 $handleMap = array(
138 T_STRING => 'handleString',
139 T_CONSTANT_ENCAPSED_STRING => 'handleString',
140 T_ENCAPSED_AND_WHITESPACE => 'handleString',
141 T_CHARACTER => 'handleString',
142 T_NUM_STRING => 'handleString',
143 T_DNUMBER => 'handleString',
144 T_FUNC_C => 'handleString',
145 T_CLASS_C => 'handleString',
146 T_FILE => 'handleString',
147 T_LINE => 'handleString',
148 T_DOUBLE_ARROW => 'handleString',
149
150 T_ARRAY => 'handleClearStrings',
151 T_CONCAT_EQUAL => 'handleClearStrings',
152
153 T_DOUBLE_COLON => 'handleDoubleColon',
154 T_NEW => 'handleNew',
155 T_OBJECT_OPERATOR => 'handleObjectOperator',
156 T_VARIABLE => 'handleVariable',
157 T_FUNCTION => 'handleFunction',
158 T_OLD_FUNCTION => 'handleFunction',
159 T_CLASS => 'handleClass',
160 T_WHITESPACE => 'handleWhitespace',
161 T_INLINE_HTML => 'handleWhitespace',
162 T_OPEN_TAG => 'handleWhitespace',
163 T_CLOSE_TAG => 'handleWhitespace',
164
165 T_AS => 'handleAs',
166
167 T_ECHO => 'handleConstruct',
168 T_EVAL => 'handleConstruct',
169 T_UNSET => 'handleConstruct',
170 T_ISSET => 'handleConstruct',
171 T_PRINT => 'handleConstruct',
172 T_FOR => 'handleConstruct',
173 T_FOREACH=> 'handleConstruct',
174 T_EMPTY => 'handleConstruct',
175 T_EXIT => 'handleConstruct',
176 T_CASE => 'handleConstruct',
177 T_GLOBAL=> 'handleConstruct',
178 T_UNSET => 'handleConstruct',
179 T_WHILE => 'handleConstruct',
180 T_DO => 'handleConstruct',
181 T_IF => 'handleConstruct',
182 T_LIST => 'handleConstruct',
183 T_RETURN=> 'handleConstruct',
184 T_STATIC=> 'handleConstruct',
185 T_ENDFOR=> 'handleConstruct',
186 T_ENDFOREACH=> 'handleConstruct',
187 T_ENDIF=> 'handleConstruct',
188 T_ENDSWITCH=> 'handleConstruct',
189 T_ENDWHILE=> 'handleConstruct',
190
191 T_INCLUDE => 'handleInclude',
192 T_INCLUDE_ONCE => 'handleInclude',
193 T_REQUIRE => 'handleInclude',
194 T_REQUIRE_ONCE => 'handleInclude',
195 );
196
197 foreach($tokens as $token)
198 {
199 if (is_string($token))
200 {
201 // we have a simple 1-character token
202 $this->handleSimpleToken($token);
203 }
204 else
205 {
206 list($id, $text) = $token;
207 if (isset($handleMap[$id]))
208 {
209 $call = $handleMap[$id];
210 $this->$call($id,$text);
211 }
212 /*else * /
213 {
214 echo token_name($id).": $text<br>\n";
215 } /* */
216 }
217 }
218 }
219
220 /**
221 * Handle a 1 char token
222 * @access private
223 */
224 function handleSimpleToken($token)
225 {
226 if ($token !== ";")
227 {
228 $this->currentStrings .= $token;
229 }
230 switch($token)
231 {
232 case "(":
233 // method is called
234 if ($this->staticClass !== false)
235 {
236 if (!isset($this->calledStaticMethods[$this->staticClass][$this->currentString]))
237 {
238 $this->calledStaticMethods[$this->staticClass][$this->currentString]
239 = array();
240 }
241 $this->calledStaticMethods[$this->staticClass][$this->currentString][]
242 = $this->lineNumber;
243 $this->staticClass = false;
244 }
245 else if ($this->currentVar !== false)
246 {
247 if (!isset($this->calledMethods[$this->currentVar][$this->currentString]))
248 {
249 $this->calledMethods[$this->currentVar][$this->currentString] = array();
250 }
251 $this->calledMethods[$this->currentVar][$this->currentString][] = $this->lineNumber;
252 $this->currentVar = false;
253 }
254 else if ($this->inNew !== false)
255 {
256 $this->classInstantiated();
257 }
258 else if ($this->currentString !== null)
259 {
260 $this->functionCalled();
261 }
262 //$this->currentString = null;
263 break;
264 case "=":
265 case ";":
266 if ($this->inNew !== false)
267 {
268 $this->classInstantiated();
269 }
270 else if ($this->inInclude !== false)
271 {
272 $this->fileIncluded();
273 }
274 else if ($this->currentVar !== false)
275 {
276 $this->useMemberVar();
277 }
278 $this->currentString = null;
279 $this->currentStrings = null;
280 break;
281
282 case ']':
283 $this->useMemberVar(false);
284 break;
285 }
286 }
287
288 /**
289 * handle includes and requires
290 * @access private
291 */
292 function handleInclude($id,$text)
293 {
294 $this->inInclude = true;
295 $this->handleConstruct($id,$text);
296 }
297
298 /**
299 * handle String tokens
300 * @access private
301 */
302 function handleString($id,$text)
303 {
304 $this->currentString = $text;
305 $this->currentStrings .= $text;
306 }
307
308 /**
309 * handle String tokens
310 * @access private
311 */
312 function handleClearStrings($id,$text)
313 {
314 $this->currentString = '';
315 }
316
317 /**
318 * handle variables
319 * @access private
320 */
321 function handleVariable($id,$text)
322 {
323 $this->currentString = $text;
324 $this->currentStrings .= $text;
325 $this->useVariable();
326 }
327
328
329 /**
330 * handle Double Colon tokens
331 * @access private
332 */
333 function handleDoubleColon($id,$text)
334 {
335 $this->staticClass = $this->currentString;
336 $this->currentString = null;
337 }
338
339 /**
340 * handle new keyword
341 * @access private
342 */
343 function handleNew($id,$text)
344 {
345 $this->inNew = true;
346 }
347
348 /**
349 * handle function
350 * @access private
351 */
352 function handleFunction($id,$text)
353 {
354 $this->createdFunctions[] = $this->lineNumber;
355 }
356
357 /**
358 * handle class
359 * @access private
360 */
361 function handleClass($id,$text)
362 {
363 $this->createdClasses[] = $this->lineNumber;
364 }
365
366 /**
367 * Handle ->
368 * @access private
369 */
370 function handleObjectOperator($id,$text)
371 {
372 $this->currentVar = $this->currentString;
373 $this->currentString = null;
374 $this->currentStrings .= $text;
375 }
376
377 /**
378 * handle whitespace to figure out line counts
379 * @access private
380 */
381 function handleWhitespace($id,$text)
382 {
383 $this->lineNumber+=substr_count($text,"\n");
384 if ($id == T_CLOSE_TAG)
385 {
386 $this->handleSimpleToken(";");
387 }
388 }
389
390
391 /**
392 * as has been used we must have a var before it
393 *
394 * @access private
395 */
396 function handleAs($id,$text)
397 {
398 $this->handleSimpleToken(";");
399 }
400
401 /**
402 * a language construct has been called record it
403 * @access private
404 */
405 function handleConstruct($id,$construct)
406 {
407 if (!isset($this->calledConstructs[$construct]))
408 {
409 $this->calledConstructs[$construct] = array();
410 }
411 $this->calledConstructs[$construct][] = $this->lineNumber;
412 $this->currentString = null;
413 }
414
415 /**
416 * a class was Instantiated record it
417 * @access private
418 */
419 function classInstantiated()
420 {
421 if (!isset($this->classesInstantiated[$this->currentString]))
422 {
423 $this->classesInstantiated[$this->currentString] = array();
424 }
425 $this->classesInstantiated[$this->currentString][] = $this->lineNumber;
426 $this->inNew = false;
427 }
428
429 /**
430 * a file was included record it
431 * @access private
432 */
433 function fileIncluded()
434 {
435 if (!isset($this->filesIncluded[$this->currentStrings]))
436 {
437 $this->filesIncluded[$this->currentStrings] = array();
438 }
439 $this->filesIncluded[$this->currentStrings][] = $this->lineNumber;
440 $this->inInclude = false;
441 $this->currentString = null;
442 $this->currentStrings = "";
443 }
444
445 /**
446 * a function was called record it
447 * @access private
448 */
449 function functionCalled($id = false)
450 {
451 $function_name = trim(rtrim($this->currentStrings,'('));
452 if(empty($this->currentStrings) || substr($function_name,-1) != ']'){
453 $function_name = $this->currentString;
454 if(strstr('"\'',substr($function_name,-1))){
455 $this->currentString = null;
456 return ;
457 }
458 }
459
460 if (!isset($this->calledFunctions[$function_name]))
461 {
462 $this->calledFunctions[$function_name] = array();
463 }
464
465 $this->calledFunctions[$function_name][] = $this->lineNumber;
466 $this->currentString = null;
467 }
468
469 /**
470 * we used a member variable record it
471 * @access private
472 */
473 function useMemberVar($reset = true)
474 {
475 if (!isset($this->usedMemberVariables[$this->currentVar][$this->currentString])){
476 $this->usedMemberVariables[$this->currentVar][$this->currentString] = array();
477 }
478 $this->usedMemberVariables[$this->currentVar][$this->currentString][] = $this->lineNumber;
479 if($reset){
480 $this->currentVar = false;
481 $this->currentString = null;
482 }
483 }
484
485 /**
486 * we used a variable record it
487 * @access private
488 */
489 function useVariable()
490 {
491 if (!isset($this->usedVariables[$this->currentString]))
492 {
493 $this->usedVariables[$this->currentString] = array();
494 }
495 $this->usedVariables[$this->currentString][] = $this->lineNumber;
496 }
497 }
498 ?>
git-svn copy of the project.