Exakat\Analyzer\Security\DirectInjection::analyze PHP Метод

analyze() публичный Метод

public analyze ( )
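    /**
     * Builds the Gremlin queries that report "incoming" superglobals
     * ($_GET, $_POST, ... as listed under [incoming] in php_incoming.ini)
     * reaching a sensitive argument without any intermediate transformation.
     *
     * Each block below builds one query and hands it to prepareQuery(); the
     * union of their results is what this analyzer reports. Matching is purely
     * structural (by node label and variable name): no data-flow is followed,
     * so a value that was sanitised and then reused under the same name still
     * matches — treat hits as candidates to review, not proven injections.
     *
     * @return void
     */
    public function analyze()
    {
        // The list of incoming superglobals lives in configuration so it can
        // be extended without touching this analyzer.
        $vars = $this->loadIni('php_incoming.ini');
        $vars = $vars['incoming'];

        // $_SERVER entries that are filled by the server/runtime itself rather
        // than copied from the HTTP request. Accesses to these are not reported;
        // any other $_SERVER index, or a non-literal index, is treated as
        // attacker-controlled like the rest of $vars.
        $safe = ['DOCUMENT_ROOT', 'REQUEST_TIME', 'SERVER_PORT', 'SERVER_NAME', 'REQUEST_TIME_FLOAT', 'SCRIPT_NAME', 'SERVER_ADMIN', '_'];

        // Gremlin fragment that keeps a match unless BOTH hold: the variable is
        // $_SERVER, and its index is a plain string literal (no interpolated
        // ELEMENT) whose value is one of $safe. Appended to every query that
        // starts from an indexed access.
        $safeIndex = 'or( __.out("VARIABLE").has("code", "\\$_SERVER").count().is(eq(0)), 
                          __.out("INDEX").hasLabel("String")
                            .where(__.out("ELEMENT").count().is(eq(0)) )
                            .has("noDelimiter", within(["' . implode('", "', $safe) . '"]))
                            .count().is(eq(0)))';

        // Relayed call: the superglobal is passed as argument N of a user-defined
        // function, and inside that function's body parameter N (matched by
        // position via 'rank', then by name via 'varname') is itself passed
        // directly to a sensitive argument. Only one level of relay is followed.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->inIsIE('VARIABLE')
             ->raw($safeIndex)
             ->_as('result')
             ->savePropertyAs('rank', 'rank')
             ->inIs('ARGUMENT')
             ->inIs('ARGUMENTS')
             ->functionDefinition()
             ->outIs('ARGUMENTS')
             ->outIs('ARGUMENT')
             ->samePropertyAs('rank', 'rank')
             ->savePropertyAs('code', 'varname')
             ->inIs('ARGUMENT')
             ->inIs('ARGUMENTS')
             ->outIs('BLOCK')
             ->atomInside('Functioncall')
             ->outIs('ARGUMENTS')
             ->outIs('ARGUMENT')
             ->analyzerIs('Security/SensitiveArgument')
             ->outIsIE('CODE')
             ->atomIs('Variable')
             ->samePropertyAs('code', 'varname')
             ->back('result');
        $this->prepareQuery();

        // $_GET/$_POST (the whole array) used directly as a sensitive argument
        // of a PHP function.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->analyzerIs('Security/SensitiveArgument')
             ->inIsIE('CODE')
             ->inIs('ARGUMENT')
             ->inIs('ARGUMENTS');
        $this->prepareQuery();

        // $_GET['index'] (exactly one level) used directly as a sensitive
        // argument of a PHP function.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->inIs('VARIABLE')
             ->raw($safeIndex)
             ->inIsIE('CODE')
             ->analyzerIs('Security/SensitiveArgument')
             ->inIs('ARGUMENT')
             ->inIs('ARGUMENTS');
        $this->prepareQuery();

        // $_GET['index']['index2'] (two levels or more) used directly as a
        // sensitive argument of a PHP function.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->goToArray()
             ->analyzerIs('Security/SensitiveArgument')
             ->raw($safeIndex)
             ->inIs('ARGUMENT')
             ->inIs('ARGUMENTS');
        $this->prepareQuery();

        // "$_GET['index']" inside a string or a concatenation is unsafe: the raw
        // value lands in the resulting string unchanged. The bare array inside
        // a string only prints "Array" and is harmless; goToArray() presumably
        // requires at least one index, which excludes that case — confirm.
        // Arithmetic and other non-concatenation operators are not reported.
        // This query was previously built and prepared twice, verbatim; the
        // duplicate has been dropped as it added no coverage.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->goToArray()
             ->raw($safeIndex)
             ->inIs('CONCAT');
        $this->prepareQuery();

        // foreach ($_GET[...] as ...): looping directly over incoming data.
        $this->atomIs('Variable')
             ->codeIs($vars, true)
             ->goToArray()
             ->inIs('SOURCE');
        $this->prepareQuery();
    }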