scanner/modules/scanner_variables.php

52 lines
1.8 KiB
PHP
Raw Permalink Normal View History

<?php
class VariableModule extends ScannerModule {
private $assigned_variables = array();
private $captured = array();
function VariableModule() {
$this->ScannerModule();
}
function parserCallback( $object ) {
$pattern = '/\$[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/';
$matches = array();
$variable = preg_match($pattern, $object['name'], $matches) > 0 ? $matches[0] : false;
$scope = "{$object['in_class']}::{$object['in_function']}";
if (!isset($this->assigned_variables[$scope] ) )
$this->assigned_variables[$scope] = array();
if ($object['type'] == PHPPARSER_ASSIGNMENT) {
list($var, $value) = explode('=', $object['name']);
if ($variable == $var) {
// Regular variable assignment
//$this->fault($object, 0, "Assignment: {$object['name']}");
$this->assigned_variables[$scope][] = $var;
} else {
// Array index assignment
//$this->fault($object, 0, "Array index assignment: [{$variable}] {$object['name']}");
if (
!in_array($variable, $this->assigned_variables[$scope])
&& (empty($object['in_class']) && $variable == '$this')
) {
$this->fault($object, FAULT_MINOR, "Array key assignment on previously undefined variable: $var");
}
$this->assigned_variables[$scope][] = $variable;
}
}
if (
$object['type'] == PHPPARSER_VARIABLE
// Cannot yet accurately scan the global scope, so functions only
&& !empty($object['in_function'])
&& !in_array($variable, $this->assigned_variables[$scope])
&& !in_array($variable, array(
// Superglobals are exempt, obviously
'$GLOBALS', '$_SERVER', '$_GET', '$_POST', '$_FILES', '$_COOKIE', '$_SESSION', '$_REQUEST', '$_ENV'
))
&& (empty($object['in_class']) && $variable == '$this')
) {
$this->fault($object, FAULT_MEDIUM, "Undefined Variable: $variable");
}
}
}
addModule( new VariableModule() );
?>