side_channel_detector.php
<?php
include_once(dirname(__FILE__) . '/dataflow_side_channel_analysis.php');
include_once(dirname(__FILE__) . '/TaintPHP/PHP-Parser-master/lib/bootstrap.php');
include_once(dirname(__FILE__) . '/TaintPHP/TaintAnalysis/TaintAnalysis.php');
include_once(dirname(__FILE__) . '/TaintPHP/CallGraph/CallGraph.php');
include_once(dirname(__FILE__) . '/TaintPHP/CFG/CFG.php');
include_once(dirname(__FILE__) . '/TaintPHP/CFG/FunctionSignature.php');
include_once(dirname(__FILE__) . '/TaintPHP/CFG/FunctionSignatureMap.php');
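// Entry point of the side-channel detector.
// Usage: php side_channel_detector.php <project-directory>
//
// Pipeline, as driven below: build per-file CFGs and collect function signatures,
// build one call graph for the whole project, then run taint analysis followed by
// side-channel analysis over the whole application. Progress is printed to stdout.

// The project directory is the only input. Fail early with a usage message rather
// than letting a missing or non-directory argument surface as an uncaught
// exception from the directory iterator.
if (!isset($argv[1]) || !is_dir($argv[1])) {
    fwrite(STDERR, "Usage: php " . basename(__FILE__) . " <project-directory>\n");
    exit(1);
}
$projectPath = $argv[1];

// Iterating over all PHP files in a project path.
// The iterator is built with default flags, i.e. FOLLOW_SYMLINKS is not set, so
// symlinked directories inside the analysed tree are not descended into.
$Directory = new RecursiveDirectoryIterator($projectPath);
$Iterator = new RecursiveIteratorIterator($Directory);
$Regex = new RegexIterator($Iterator, '/^.+\.php$/i', RecursiveRegexIterator::GET_MATCH);

// Map from filenames to CFG information.
$cfgInfoMap = [];
// Map from function names to signatures.
$functionSignatures = new FunctionSignatureMap();

// Construct CFG map.
foreach ($Regex as $match) {
    // Regex iterator contains an array of a single element for each file.
    $fileName = $match[0];
    // Obtain the CFGs of the main function, auxiliary functions and function signatures.
    $fileCFGInfo = CFG::construct_file_cfgs($fileName);
    $cfgInfoMap[$fileName] = $fileCFGInfo;
    $functionSignatures->addAll($fileCFGInfo->getFunctionRepresentations());
}

// Construct call graphs, perform taint analysis and side channel detection.
print "==== FUNCTION SIGNATURES ===\n";
$functionSignatures->printFunctionSignatureMap();

// Add nodes of the call graphs from the global set of function signatures defined in the program.
// Analyze the entire program again to add edges and the nodes for non-user function calls.
$callGraph = new CallGraph();
$callGraph->addAllNodesFromFunctionSignatures($functionSignatures);

// Second pass walks the files recorded in the first pass instead of re-scanning the
// directory: a file created or removed between the two scans would otherwise be
// looked up in $cfgInfoMap without an entry, or be missed by the call graph.
foreach ($cfgInfoMap as $fileName => $recordedCFGInfo) {
    print "==== STARTING CALL GRAPH CONSTRUCTION: " . $fileName . " ====\n";
    $callGraph->addFileCallGraphInfo($recordedCFGInfo, $functionSignatures);
    print "Call Graph:\n";
    $callGraph->printCallGraph();
    // Disabled per-file analysis, kept for reference. If it is re-enabled, pass
    // $recordedCFGInfo: $fileCFGInfo still holds the last file of the first pass.
    //print "==== STARTING TAINT ANALYSIS ====\n";
    //$fileTaintedMaps = fileTaintAnalysis($fileCFGInfo);
    //print "==== STARTING SIDE-CHANNEL DETECTION ====\n";
    //dataflow_side_channel_detection($fileCFGInfo, $fileTaintedMaps);
}

$callGraph->computeRootNodes();
$callGraph->printCallGraphRoots();
$callGraph->computeLeafNodes();
$callGraph->printCallGraphLeaves();

// Perform taint analysis over the entire application.
print "==== STARTING TAINT ANALYSIS ====\n";
$taintMap = taintAnalysis($callGraph, $cfgInfoMap, $functionSignatures);

// Perform side channel analysis over the entire application.
print "==== STARTING SIDE CHANNEL ANALYSIS ====\n";
sideChannelAnalysis($taintMap, $callGraph, $cfgInfoMap, $functionSignatures);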
?>