00001 /*------------------------------------------------------------------------------
00002     This file is part of PHP-AST Project by Romain Gaucher (http://rgaucher.info).
00003 
00004     PHP-AST is free software: you can redistribute it and/or modify
00005     it under the terms of the GNU General Public License as published by
00006     the Free Software Foundation, either version 3 of the License, or
00007     (at your option) any later version.
00008 
00009     PHP-AST/ORACLE is distributed in the hope that it will be useful,
00010     but WITHOUT ANY WARRANTY; without even the implied warranty of
00011     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00012     GNU General Public License for more details.
00013 
00014     You should have received a copy of the GNU General Public License
00015     along with PHP-AST.  If not, see <http://www.gnu.org/licenses/>.
00016 ------------------------------------------------------------------------------*/
00017 
00018 #ifndef __SECURITY_H
00019 #define __SECURITY_H
00020 
00021 #include <map>
00022 #include <list>
00023 #include <string>
00024 #include <sstream>
00025 #include <iostream>
00026 #include "Utils.h"
00027 
00028 
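struct SecurityAnalysisToken {
    /**
        Severity rating
        5: Critical: High & Simply exploitable
        4: High
        3: Medium
        2: Low
        1: Plop
        0: Information
    */
    unsigned int severity;
    //! accuracy of the engine (how confident it is that the finding is real)
    float probability;
    //! vulnerability type
    std::string type;

    //! path — presumably the AST nodes along the flagged data flow (confirm
    //! against the analyzer that fills it). The pointers are not owned: the
    //! token never deletes them.
    std::list<AstNode *> path;

    //! Start from a neutral finding (severity 0 = Information, probability 0)
    //! so a default-constructed token never carries indeterminate values.
    SecurityAnalysisToken() : severity(0), probability(0.0f), type(), path() {}

    // Copy construction, copy assignment and destruction are left to the
    // compiler: every member is a value type that copies itself correctly.
    // The hand-written versions copied `type` into `path` (a std::string into a
    // std::list<AstNode*>, which does not compile) and operator= fell off the
    // end without `return *this`, so removing them is the fix.
};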
00063 
00064 
//! The findings produced by one analyzer run: one SecurityAnalysisToken per finding.
//! NOTE(review): Security::operator() below is declared to return `SecurityAnalysis`,
//! a name this header never declares; this typedef looks like the intended type — confirm.
typedef std::list<SecurityAnalysisToken> SecurityAnalysisResult;
00066 
00067 
00068 /**
00069     Security Analyzer abstract class
00070 */
/**
    Security Analyzer abstract class

    Concrete analyzers implement operator() and are invoked as function objects
    on a parsed AST. The symbol tables are passed as non-owning pointers and all
    default to 0 (absent).

    NOTE(review): the return type `SecurityAnalysis` is not declared in this header
    (only `SecurityAnalysisResult` is); unless Utils.h provides it this declaration
    will not compile — confirm which name is intended. Also note that default
    arguments on a virtual function are resolved from the static type of the
    object, so every override must repeat the same defaults.
*/
class Security {
  public:
    Security() {}
    //! virtual so a derived analyzer can be destroyed through a Security pointer
    virtual ~Security() {}
  public:
    /**
        Run the analysis.
        @param tr       the AST to analyze
        @param classes  class table, or 0
        @param vars     variable table, or 0
        @param func     function table, or 0
        @param assigns  assignment table, or 0
        @param equiv    variable-equivalence table, or 0
        @return the findings of this analyzer
    */
    virtual SecurityAnalysis operator()(const tree<AstNode>& tr, const MapClasses* classes = 0, const MapVariables* vars = 0,
                                        const MapFunctions *func = 0, const MapAssignments *assigns = 0, const MapVarEquivalent *equiv = 0) = 0;
};
00079 
00080 
00081 /**
00082     Analyze the technical flaws such as XSS, SQL Injection, etc.
00083 */
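/**
    Analyze the technical flaws such as XSS, SQL Injection, etc.

    The analyzer is parameterised by three name lists — `sensitive` (sinks),
    `sanitize` (sanitizing functions) and `tainted` (untrusted sources), judging
    by the constructor parameter names — and a non-owning pointer to the tree
    under analysis; the destructor never deletes `ast`.
*/
class FlawsAnalyzer : public Security
{
  public:
    Ast defAST;                          //!< definitions AST built from a string
    const Ast *ast;                      //!< tree under analysis; not owned
    std::list<std::string> sensitive;    //!< sink names
    std::list<std::string> sanitize;     //!< sanitizer names
    std::list<std::string> tainted;      //!< tainted-source names
  public:
    // Constructors must carry the class name: the previous `FlawAnalyzer(...)`
    // declarations were ill-formed inside a class named FlawsAnalyzer.

    //! Empty analyzer; `ast` is set to 0 so it is never an indeterminate read.
    FlawsAnalyzer() : defAST(), ast(0), sensitive(), sanitize(), tainted() {}

    /**
        @param astPtr     tree to analyze (not owned; must outlive the analyzer's use)
        @param defASTStr  string the definitions AST `defAST` is built from
        @param sinks      sensitive (sink) function names
        @param sanit      sanitizing function names
        @param tSrc       tainted-source names
    */
    FlawsAnalyzer(const Ast* astPtr, const std::string& defASTStr, const std::list<std::string>& sinks,
                  const std::list<std::string>& sanit, const std::list<std::string>& tSrc)
        // direct-initialise instead of default-construct-then-assign
        : defAST(defASTStr), ast(astPtr), sensitive(sinks), sanitize(sanit), tainted(tSrc) {}

    virtual ~FlawsAnalyzer() {}

    //! Implements Security::operator(); same parameters and defaults as the base.
    virtual SecurityAnalysis operator()(const tree<AstNode>& tr, const MapClasses* classes = 0, const MapVariables* vars = 0,
                                        const MapFunctions *func = 0, const MapAssignments *assigns = 0, const MapVarEquivalent *equiv = 0);
};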
00105 
00106 
00107 #endif
