$obj_context is an instance of class \progpilot\Context
- $obj_context->inputs->setFolder($folder);
- $obj_context->inputs->setFile($file);
where $file is the path to a file that exists on disk, for example ./myfile.php
- $obj_context->inputs->setCode($code);
where $code is the contents/code of a file, for example *$code = file_get_contents("./myfile.php");*
If both options are set when the analysis is launched, priority is given to analyzing the file.
If all options are set when the analysis is launched, priority is given to analyzing the folder.
To retrieve the values of $file, $code and $folder use these methods:
- $obj_context->inputs->getFile();
- $obj_context->inputs->getCode();
- $obj_context->inputs->getFolder();
- $obj_context->inputs->setDev($bool);
Set to true if you want to use the security data relative to the development of progpilot (default is false).
- $obj_context->inputs->addSources($files_sources);
- $obj_context->inputs->setSources($files_sources);
- $obj_context->inputs->addSinks($files_sinks);
- $obj_context->inputs->setSinks($files_sinks);
- $obj_context->inputs->addSanitizers($files_sanitizers);
- $obj_context->inputs->setSanitizers($files_sanitizers);
- $obj_context->inputs->addValidators($files_validators);
- $obj_context->inputs->setValidators($files_validators);
- $obj_context->inputs->addCustomRules($files_custom);
- $obj_context->inputs->setCustomRules($files_custom);
- $obj_context->inputs->getCustomRules();
- $obj_context->inputs->getSources();
- $obj_context->inputs->getSinks();
- $obj_context->inputs->getSanitizers();
- $obj_context->inputs->getValidators();
These methods are explained in more detail in the chapters "specify an analyze" and "customize an analyze".
If a file (sources, sinks, sanitizers, validators, custom rules) is not specified, the default file is used.
- $obj_context->inputs->setResolvedIncludes($mixed);
This function is explained in the chapter about included files.
- $obj_context->inputs->setFalsePositives($mixed);
This function is explained in the chapter about handling false positives.
- $obj_context->inputs->setInclusions($mixed);
- $obj_context->inputs->setExclusions($mixed);
These include or exclude files and folders during the analysis; see an example here with a JSON configuration file and an example here with a PHP array.
- $obj_context->outputs->setWriteIncludeFailures($bool);
- $obj_context->outputs->setIncludeFailuresFile($file);
These functions are explained in the chapter about included files.
- $obj_context->outputs->getAst();
- $obj_context->outputs->getCfg();
- $obj_context->outputs->getCallGraph();
- $obj_context->outputs->taintedFlow($bool);
true if you want to print the complete flow of assignments that taints a variable used by a sink function (default is false: only the last tainted variable is printed).
- $obj_context->outputs->setOnAddResult($func);
for each vulnerability found by progpilot, the function $func is called with the vulnerability as its argument.
- $obj_context->outputs->getCountAnalyzedFiles();
gives the number of files analyzed (included files, pulled in with include() for example in PHP, are not counted).
- $obj_context->setMaxDefinitions($nb);
to prevent memory exhaustion you can limit the number of definitions per file during the analysis (default is 3000)
- $obj_context->setMaxFileAnalysisDuration($time_sec);
maximum execution time per file for some steps of the analysis (default is 10 seconds)
- $obj_context->setMaxFileSize($size_bytes);
do not analyze files larger than this size (default is 500 000 bytes)
- $obj_context->setDebugMode($bool);
true if you want warnings to be output during the analysis (default is false)
- $obj_context->setPrettyPrint($bool);
true if you want to pretty print the JSON output of the standalone progpilot application (default is true)
- $obj_context->setAnalyzeIncludes($bool);
true if you want included files to be analyzed (default is true)
- $obj_context->setConfiguration($config);
you can use a YAML file to specify the configuration of the analysis; see an example here.
These rules are explained in the chapter "customize an analyze".
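The following script is an added example, not code from the progpilot project or from this page, showing the Context methods above used together: the code to analyze is passed in with setCode(), the per-file limits are set explicitly, the full taint flow is enabled, and a setOnAddResult() callback collects each finding as it is reported. It assumes a Composer autoloader at ./vendor/autoload.php, that the analysis is started with \progpilot\Analyzer::run() and that results are read back with $obj_context->outputs->getResults(), as in progpilot's README; the analyzed snippet is a constructed fixture in which a user-controlled value reaches an output sink, so the default sources and sinks should report it.

```php
<?php
// Added example: configuring a progpilot Context end to end.
// Assumptions (not taken from this page): the Composer autoloader path,
// \progpilot\Analyzer::run() as the entry point, and
// $obj_context->outputs->getResults() for reading the findings.
require_once './vendor/autoload.php';

$obj_context = new \progpilot\Context;
$analyzer = new \progpilot\Analyzer;

// Constructed sample to analyze: a request parameter is echoed unsanitized,
// i.e. a tainted source flows straight into a sink.
$code = '<?php echo $_GET["name"];';
$obj_context->inputs->setCode($code);
// If setFile() or setFolder() were also set, the file, respectively the
// folder, would take priority over $code (see the note above).

// Resource limits: the page's defaults, written out explicitly here.
$obj_context->setMaxDefinitions(3000);          // definitions per file
$obj_context->setMaxFileAnalysisDuration(10);   // seconds per file
$obj_context->setMaxFileSize(500000);           // bytes
$obj_context->setAnalyzeIncludes(true);         // follow include()d files
$obj_context->setDebugMode(false);              // no warnings during analysis

// Report the whole chain of tainted assignments, not only the last variable.
$obj_context->outputs->taintedFlow(true);

// Collect every vulnerability as progpilot adds it.
$found = [];
$obj_context->outputs->setOnAddResult(function ($vuln) use (&$found) {
    $found[] = $vuln;
});

$analyzer->run($obj_context);

echo "Analyzed files: " . $obj_context->outputs->getCountAnalyzedFiles() . "\n";
echo "Vulnerabilities reported via callback: " . count($found) . "\n";
echo json_encode($obj_context->outputs->getResults(), JSON_PRETTY_PRINT) . "\n";
```

Because getCountAnalyzedFiles() does not count included files, the count printed here stays at 1 even when setAnalyzeIncludes(true) pulls further files into the analysis; the callback, by contrast, fires for findings in included files as well.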