Class Yasca

Description

This class implements a generic code scanner.

Located in /lib/Yasca.php (line 22)


	
			
Variable Summary
Method Summary
static void &getInstance ([ $options = array()])
static void log_message (string $message, [integer $severity = E_USER_NOTICE], [boolean $include_timestamp = false], [ $just_print = false])
static int result_list_comparator (Result $a, Result $b)
Yasca Yasca ([array $options = array()])
void add_attachment ( $cache_id)
hash calculate_signature (string $data, [string $password = "3A4B3f39jf203jfALSFJAEFJ30fn2q3lf32cQF3FG"])
array dir_recursive ([string $start_dir = '.'])
void execute_callback ( $event)
target find_target_by_relative_name (string $rel_filename)
void get_adjusted_alternate_name (string $plugin_name, [string $finding_name = ""], [string $default_text = ""])
void get_adjusted_description (string $plugin_name, string $finding_name, string $description)
void get_adjusted_severity ( $plugin_name, [ $finding_name = ""], [ $severity = 5])
void get_adjustment (string $key, string $default_value)
extension get_report_extension ([array $options = null])
text help ()
array include_plugins ([ $plugin_dir = "plugins"], string $plugin_directory)
void instantiate_report ( &$results, [array $options = null], [ $default_report = 'HTMLGroupReport'], array $results)
array parse_command_line_arguments ([boolean $parse_arguments = true])
void register_callback ( $event,  $func)
void scan ()
true validate_report (string $data)
void validate_signature (string $data, string $signature, [string $password = "3A4B3f39jf203jfALSFJAEFJ30fn2q3lf32cQF3FG"])
Variables
static mixed $instance = null (line 73)
  • access: private
array $adjustment_list (line 66)

Adjusted information for various plugins. Used so we don't have to modify the original plugins.

  • access: private
mixed $attachment_list = array() (line 55)

This list contains all attachment references to the general cache

  • access: public
mixed $cache (line 75)
  • access: public
mixed $event_callback_list = array() (line 80)

Holds the event array for callbacks

  • access: public
mixed $general_cache = array() (line 71)

The general_cache array contains arrays of data to be cached. Read-Write by anyone.

  • access: public
array $options (line 29)

Options parsed from the command line.

  • access: public
mixed $plugin_file_list = array() (line 57)
  • access: public
array $plugin_list = array() (line 50)

The list of available plugin functions.

  • access: public
mixed $progress_callback = null (line 59)
  • access: public
array $results = array() (line 36)

The results of the scan.

  • access: public
array $target_list = array() (line 43)

The target list of files to scan.

  • access: public
Methods
static getInstance (line 118)

Gets the singleton instance of the Yasca object

  • access: public
static void &getInstance ([ $options = array()])
  • $options
static log_message (line 340)

This is the main error log and event log for the application. Depending on whether the application is running in GUI or console mode, the output is directed appropriately. The severity value is one of the following: E_USER_ERROR, E_USER_WARNING, and E_USER_NOTICE. The function works as follows: if --verbose is set, then everything is shown; otherwise only E_USER_ERROR and E_USER_WARNING are shown. If the silent flag is set, then nothing is shown at all. If the Yasca object is not defined, then this will do a simple print().

  • access: public
static void log_message (string $message, [integer $severity = E_USER_NOTICE], [boolean $include_timestamp = false], [ $just_print = false])
  • integer $severity: severity associated with the message.
  • string $message: message to write
  • boolean $include_timestamp: if true, then include a timestamp in the message.
  • $just_print
static result_list_comparator (line 542)

Compares results to sort them by severity.

  • return: 0, 1, or -1 as per comparator standard
  • access: private
static int result_list_comparator (Result $a, Result $b)
  • Result $a: Result object to compare
  • Result $b: Result object to compare
Constructor Yasca (line 86)

Creates a new Yasca scanner object using the options passed in.

Yasca Yasca ([array $options = array()])
  • array $options: command line options (parsed)
add_attachment (line 739)

Adds an attachment to the attachment list. Only allows attachments that are represented in the general cache.

  • access: public
void add_attachment ( $cache_id)
  • $cache_id
calculate_signature (line 296)

Signs a piece of data using a hash. Uses SHA-1 to hash the data.

  • return: hash of the data.
hash calculate_signature (string $data, [string $password = "3A4B3f39jf203jfALSFJAEFJ30fn2q3lf32cQF3FG"])
  • string $data: string to hash.
  • string $password: salt used in the calculation.
dir_recursive (line 270)

Recursive directory listing. Returns all files starting at $start_dir.

  • return: array of filenames
array dir_recursive ([string $start_dir = '.'])
  • string $start_dir: starting directory (default=.)
execute_callback (line 775)

Executes callbacks for a particular event.

  • access: public
void execute_callback ( $event)
  • $event
find_target_by_relative_name (line 604)

Attempts to find a target that matches the relative name supplied.

  • return: target found, or false if none match.
target find_target_by_relative_name (string $rel_filename)
  • string $rel_filename: filename to search for
get_adjusted_alternate_name (line 725)

Gets the adjusted alternate name for a specific plugin.

void get_adjusted_alternate_name (string $plugin_name, [string $finding_name = ""], [string $default_text = ""])
  • string $plugin_name: plugin name referenced in adjustments.xml
  • string $finding_name: the "message" that is used in that line
  • string $default_text: the default text to show, if nothing was defined in adjustments.xml (optional)
get_adjusted_description (line 680)

Gets the adjusted description of the finding.

void get_adjusted_description (string $plugin_name, string $finding_name, string $description)
  • string $plugin_name: plugin name used
  • string $finding_name: finding name
  • string $description: current description of the finding
get_adjusted_severity (line 699)

Gets the adjusted severity for a specific plugin.

void get_adjusted_severity ( $plugin_name, [ $finding_name = ""], [ $severity = 5])
  • $plugin_name
  • $finding_name
  • $severity
get_adjustment (line 665)

Retrieves a specific adjustment.

  • see: $this->adjustment_list
void get_adjustment (string $key, string $default_value)
  • string $key: key to look up
  • string $default_value: default value, if $key does not exist.
get_report_extension (line 559)

Finds the actual extension to be used for the report chosen. Includes the period (.).

  • return: extension (.html, .xml, .csv, etc.)
extension get_report_extension ([array $options = null])
  • array $options: program options.
help (line 506)

Returns the help message (used in console mode).

  • return: text content of the help message (aka usage)
text help ()
include_plugins (line 216)

Finds and includes all plugins.

  • return: array of functions now available.
array include_plugins ([ $plugin_dir = "plugins"], string $plugin_directory)
  • string $plugin_directory: directory to look for plugins in (recursively).
  • $plugin_dir
instantiate_report (line 572)

Instantiates a new Report object based on the data passed in.

void instantiate_report ( &$results, [array $options = null], [ $default_report = 'HTMLGroupReport'], array $results)
  • array $options: configuration options (especially 'report')
  • array $results: place where report results are placed
  • &$results
  • $default_report
load_adjustments (line 617)

Loads all of the adjustments from resources/adjustments.xml.

void load_adjustments ()
parse_command_line_arguments (line 398)

Parses the command line arguments (argc, argv).

  • return: array of options.
array parse_command_line_arguments ([boolean $parse_arguments = true])
  • boolean $parse_arguments: actually parse arguments or use the default?
register_callback (line 756)

Registers a callback function to be executed at some time. Valid events are:

  • pre-scan - executes before the scan takes place
  • post-scan - executes after scan() completes
  • pre-report - executes before the reporting occurs
  • post-report - executes after the reporting occurs

  • access: public
void register_callback ( $event,  $func)
  • $event
  • $func
scan (line 132)

This function initiates the scan. After checking various things, it passes execution along to each of the plugins available, on each of the target files available.

void scan ()
validate_report (line 318)

Validates whether a report content has a valid hash.

  • return: true iff the signature matches the expected.
true validate_report (string $data)
  • string $data: data to check (the report content)
validate_signature (line 309)

Validates if a signature has been tampered with. Uses calculate_signature() to re-calculate the signature.

void validate_signature (string $data, string $signature, [string $password = "3A4B3f39jf203jfALSFJAEFJ30fn2q3lf32cQF3FG"])
  • string $data: string to hash
  • string $signature: purported signature
  • string $password: salt used in the calculation.
  • return: true iff the signature matches the expected.
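
An added example (not Yasca's own code) of the signature check described for calculate_signature() and validate_signature(), next to a keyed HMAC-SHA-256 variant with constant-time comparison. The function names, the sample report and the way `sha1_signature()` combines password and data are assumptions; the page states only that SHA-1 and a password are used.

```php
<?php
// Added example; not taken from /lib/Yasca.php.
// Default password exactly as shown in the method signatures on this page.
const DOC_DEFAULT_PASSWORD = '3A4B3f39jf203jfALSFJAEFJ30fn2q3lf32cQF3FG';

// Scheme as documented: SHA-1 over the data and a password ("salt").
// ASSUMPTION: password is prepended to the data; the page does not say.
function sha1_signature(string $data, string $password = DOC_DEFAULT_PASSWORD): string
{
    return sha1($password . $data);
}

function sha1_validate(string $data, string $signature, string $password = DOC_DEFAULT_PASSWORD): bool
{
    return hash_equals(sha1_signature($data, $password), $signature);
}

// Keyed alternative: HMAC-SHA-256 with a key the caller supplies.
function hmac_signature(string $data, string $key): string
{
    if (strlen($key) < 32) {
        throw new InvalidArgumentException('key must be at least 32 bytes');
    }
    return hash_hmac('sha256', $data, $key);
}

// Rejects malformed signatures first, then compares in constant time.
function hmac_validate(string $data, string $signature, string $key): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $signature)) {
        return false;
    }
    return hash_equals(hmac_signature($data, $key), $signature);
}

// Constructed sample report and an edited copy of it.
$report = '<report><finding severity="1">sample finding</finding></report>';
$edited = str_replace('severity="1"', 'severity="5"', $report);

// Default password: a fresh signature over the edited report validates,
// because the password is the same for every installation.
var_dump(sha1_validate($edited, sha1_signature($edited)));

// Secret key: the original signature no longer matches the edited report.
$key = random_bytes(32); // assumption: in practice loaded from a protected store
$sig = hmac_signature($report, $key);
var_dump(hmac_validate($report, $sig, $key));
var_dump(hmac_validate($edited, $sig, $key));
```

The default password is visible in this documentation and in the source, so a signature made with it indicates accidental corruption only. Tamper evidence requires a key that is kept outside the code base.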

Documentation generated on Mon, 28 Apr 2008 12:52:08 -0400 by phpDocumentor 1.4.0a2