/**
 * Queues the graph queries that flag incoming request variables (the names
 * listed under [incoming] in php_incoming.ini) reaching a sensitive sink
 * without any intermediate processing: a function argument marked by
 * Security/SensitiveArgument, a concatenation, or a foreach source.
 *
 * Every query is handed to prepareQuery(); nothing is returned. The only
 * array accesses deliberately left out of the match are $_SERVER indexed
 * with one of the server-controlled keys in $serverControlledKeys.
 */
public function analyze()
{
    $incoming = $this->loadIni('php_incoming.ini')['incoming'];

    // $_SERVER keys treated as not client-supplied: an access such as
    // $_SERVER['DOCUMENT_ROOT'] is dropped by $keepUnlessSafeServerKey.
    // NOTE(review): SERVER_NAME can mirror the client-sent Host header under
    // some web-server configurations — confirm it belongs on this list.
    $serverControlledKeys = [
        'DOCUMENT_ROOT',
        'REQUEST_TIME',
        'SERVER_PORT',
        'SERVER_NAME',
        'REQUEST_TIME_FLOAT',
        'SCRIPT_NAME',
        'SERVER_ADMIN',
        '_',
    ];
    $quotedKeys = '"' . implode('", "', $serverControlledKeys) . '"';

    // Gremlin fragment applied to an array access: the node survives unless
    // BOTH its variable is $_SERVER AND its index is a plain string literal
    // (no ELEMENT children) whose value is one of the keys above.
    $keepUnlessSafeServerKey = 'or( __.out("VARIABLE").has("code", "\\$_SERVER").count().is(eq(0)),
__.out("INDEX").hasLabel("String")
.where(__.out("ELEMENT").count().is(eq(0)) )
.has("noDelimiter", within([' . $quotedKeys . ']))
.count().is(eq(0)))';

    // Indirect reach: the incoming variable is passed as argument #rank to a
    // user-defined function, and inside that function's body the parameter
    // of the same rank (matched by name) is itself a sensitive argument.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->inIsIE('VARIABLE')
         ->raw($keepUnlessSafeServerKey)
         ->_as('result')
         ->savePropertyAs('rank', 'rank')
         ->inIs('ARGUMENT')
         ->inIs('ARGUMENTS')
         ->functionDefinition()
         ->outIs('ARGUMENTS')
         ->outIs('ARGUMENT')
         ->samePropertyAs('rank', 'rank')
         ->savePropertyAs('code', 'varname')
         ->inIs('ARGUMENT')
         ->inIs('ARGUMENTS')
         ->outIs('BLOCK')
         ->atomInside('Functioncall')
         ->outIs('ARGUMENTS')
         ->outIs('ARGUMENT')
         ->analyzerIs('Security/SensitiveArgument')
         ->outIsIE('CODE')
         ->atomIs('Variable')
         ->samePropertyAs('code', 'varname')
         ->back('result');
    $this->prepareQuery();

    // The bare superglobal ($_GET, $_POST, ...) used directly as a sensitive
    // argument of a PHP function.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->analyzerIs('Security/SensitiveArgument')
         ->inIsIE('CODE')
         ->inIs('ARGUMENT')
         ->inIs('ARGUMENTS');
    $this->prepareQuery();

    // One level of indexing ($_GET['index']) used directly as a sensitive
    // argument of a PHP function.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->inIs('VARIABLE')
         ->raw($keepUnlessSafeServerKey)
         ->inIsIE('CODE')
         ->analyzerIs('Security/SensitiveArgument')
         ->inIs('ARGUMENT')
         ->inIs('ARGUMENTS');
    $this->prepareQuery();

    // Two or more levels of indexing ($_GET['index']['index2']) used directly
    // as a sensitive argument of a PHP function.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->goToArray()
         ->analyzerIs('Security/SensitiveArgument')
         ->raw($keepUnlessSafeServerKey)
         ->inIs('ARGUMENT')
         ->inIs('ARGUMENTS');
    $this->prepareQuery();

    // An indexed incoming variable inside an operation is only reported when
    // that operation is a concatenation.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->goToArray()
         ->raw($keepUnlessSafeServerKey)
         ->inIs('CONCAT');
    $this->prepareQuery();

    // The whole array inside a string only prints "Array" and is harmless;
    // "$_GET['index']" inside a string or a concatenation is not.
    // NOTE(review): this query is identical to the one just above — one of
    // the two looks redundant; confirm prepareQuery() does not double-count
    // before removing either.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->goToArray()
         ->raw($keepUnlessSafeServerKey)
         ->inIs('CONCAT');
    $this->prepareQuery();

    // An indexed incoming variable used as the source of a foreach.
    $this->atomIs('Variable')
         ->codeIs($incoming, true)
         ->goToArray()
         ->inIs('SOURCE');
    $this->prepareQuery();
}