PHP静态分析与跨站脚本检测
从寒假就开始看他的程序,寒假里边没有怎么搞明白,又冷,手生冻疮了。回来以后,从头开始看吧,分析那一部分不是很明白,但是看到后来,检测漏洞的时候,我想暂时不管它存储的结构什么,反正都是Node之类的东西,看他是怎么检测的,有的细节地方那个暂时翻过去,结果感觉比前边analysze部分简单得多了,连那些存储结构什么的都明白些了。
当然也看他的论文,论文换了一个寒假看完,没弄明白,像Cfg这些东西在论文中有,但是显示不出来,没有直观的感觉,不爽。所以这两天忙着弄了个GUI界面来显示这个Cfg控制流图,麻烦了一点,不过总算是出来了,看看好像也没有多大问题,献丑在这里了。另外,本来是自己使用的,有的地方考虑不周也无所谓,自己再调调就行了。
共有3个文件,第一个是Coor.java,保存每个节点的坐标以及其子节点坐标:
package at.ac.tuwien.infosys.www.pixy;
import java.util.*;
public class Coor
{
private int x;
private int y;
private ListCoor> coors;
public Coor(int x, int y)
{
this.coors = new LinkedListCoor>();
this.x = x;
this.y = y;
}
public int getX()
{
return this.x;
}
public int getY()
{
return this.y;
}
public ListCoor> getCoors()
{
return this.coors;
}
public void addCoor(Coor coor)
{
this.coors.add(coor);
}
public boolean equals(Coor coor)
{
if (coor.getX()==this.x && coor.getY()==y)
{
return true;
}
return false;
}
public boolean contains(Coor c)
{
for (Coor coor : this.coors)
{
if (coor.getX()==c.getX() && coor.getY()==c.getY())
{
return true;
}
}
return false;
}
}
第二个是DrawPanel.java,负责画图的组件:
package at.ac.tuwien.infosys.www.pixy;
import at.ac.tuwien.infosys.www.pixy.conversion.Cfg;
import at.ac.tuwien.infosys.www.pixy.conversion.nodes.*;
import java.util.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
/**
*
* @author Administrator
*/
public class DrawPanel extends JPanel
{
private java.util.ListCfgNode> cfgList;
private java.util.ListCoor> coorList;
/** Creates a new instance of OvalJPanel */
public DrawPanel(java.util.ListCfgNode> cfgList, java.util.ListCoor> coorList)
{
this.cfgList = cfgList;
this.coorList = coorList;
}
//在面板上绘制图形
public void paintComponent(Graphics g)
{
for (int i=0 ;ithis.cfgList.size() ;i++ )
{
CfgNode cfgNode = this.cfgList.get(i);
Coor coor = this.coorList.get(i);
int x = coor.getX();
int y = coor.getY();
g.setColor(Color.red);
g.drawOval(x-50, y-15, 100, 30);
g.setColor(Color.blue);
g.drawString(cfgNode.toString(), x-30, y-5);
g.drawString("Loc :" + String.valueOf(cfgNode.getOrigLineno()), x, y+10);
java.util.ListCoor> coors = coor.getCoors();
for (Coor c : coors)
{
int cx = c.getX();
int cy = c.getY();
g.setColor(Color.black);
if (c.equals(coor))
{
g.setColor(Color.yellow);
}
g.drawLine(x, y+15, cx, cy-15);
}
}
}
}
第三个是Draw.java,主控制组件,只需要在Checker中调用该类,传以适当参数(Cfg),就可以了。
package at.ac.tuwien.infosys.www.pixy;
import at.ac.tuwien.infosys.www.pixy.conversion.Cfg;
import at.ac.tuwien.infosys.www.pixy.conversion.nodes.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
import java.util.*;
/**
*
* @author Administrator
*/
public class Draw {
//声明框架
private JFrame frame = new JFrame("Control Flow Graph");
//声明书签面板
private DrawPanel draw;
private Cfg cfg;
private MapCfgNode, Coor> map;
private java.util.ListCfgNode> cfgList;
private java.util.ListCoor> coorList;
private int startX = 50;
private int startY = 30;
/** Creates a new instance of TabbedJFrame */
public Draw(Cfg cfg) {
//this.map = new TreeMap
this.cfgList = new LinkedListCfgNode>();
this.coorList = new LinkedListCoor>();
this.cfg = cfg;
}
public void show()
{
frame.add(new JScrollPane(new DrawPanel(this.cfgList, this.coorList)), BorderLayout.CENTER);
frame.setSize(1000, 1000);
frame.setLocation(50, 50);
frame.setVisible(true);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
}
/**
* 将Cfg转换为cfgList和coorList.
*/
public void convert()
{
CfgNode node = this.cfg.getHead();
int size = this.cfg.size();
Coor coor = new Coor(startX, startY);
this.cfgList.add(node);
this.coorList.add(coor);
System.out.println(size);
java.util.ListCfgNode> noded = new LinkedListCfgNode>();
for (int i=0 ;isize ;i++ )
{
int n = i;
if (noded.contains(node))
{
n = -1;
for (CfgNode cfgNode : this.cfgList )
{
n++;
if (noded.contains(cfgNode))
{
continue;
}
node = cfgNode;
break;
}
}
noded.add(node);//为了上边的if判断好做,故在此向noded中添加
java.util.ListCfgNode> list = node.getSuccessors();
int len = list.size();
if (len == 0)
{
continue;
}
int k = 0;
coor = this.coorList.get(this.cfgList.indexOf(node));
startY = coor.getY() + 60;
for (CfgNode cfgNode : list)
{
startX = coor.getX() + k*250;
k++;
if (this.cfgList.contains(cfgNode))
{
Coor c = (Coor)this.coorList.get(this.cfgList.indexOf(cfgNode));
if (!coor.contains(c))
{
coor.addCoor(c);
}
continue;
}
coor.addCoor(new Coor(startX, startY));
this.cfgList.add(cfgNode);
this.coorList.add(new Coor(startX, startY));
}
node = list.get(0);//这里取到的CfgNode可能已经分析过了,通过上边的if判断可以从cfgList中另外取一个。
}
}
public void setStartX(int x)
{
this.startX = x;
}
public void setStartY(int y)
{
this.startY = y;
}
public int getStartX()
{
return this.startX;
}
public int getStartY()
{
return this.startY;
}
public void dump()
{
System.out.println("------------------");
for (int i=0 ; ithis.cfgList.size(); i++)
{
CfgNode cfgNode = this.cfgList.get(i);
Coor coor = this.coorList.get(i);
System.out.println(cfgNode.toString() + " "/* + cfgNode.toString()*/ +" " + coor.getX() + " " + coor.getY() + " " + coor.getCoors().size());
}
System.out.println("------------------");
}
public void dumpMap()
{
java.util.ListCfgNode> list = this.cfg.dfPreOrder();
System.out.println("******************");
for (CfgNode node : list)
{
System.out.println(" " + node.toString() + " " + node.getSuccessors().size());
}
System.out.println("******************");
}
public static void main(String [] args)
{
// new Draw();
}
}
可能这个项目还会做很久,中间会不会有些心得继续放到这个懒得管的空间中来呢,期待着。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Solution: Your organization requires you to change your PIN
Oct 04, 2023 pm 05:45 PM
The message "Your organization has asked you to change your PIN" will appear on the login screen. This happens when the PIN expiration limit is reached on a computer using organization-based account settings, where they have control over personal devices. However, if you set up Windows using a personal account, the error message should ideally not appear. Although this is not always the case. Most users who encounter errors report using their personal accounts. Why does my organization ask me to change my PIN on Windows 11? It's possible that your account is associated with an organization, and your primary approach should be to verify this. Contacting your domain administrator can help! Additionally, misconfigured local policy settings or incorrect registry keys can cause errors. Right now
How to adjust window border settings on Windows 11: Change color and size
Sep 22, 2023 am 11:37 AM
Windows 11 brings fresh and elegant design to the forefront; the modern interface allows you to personalize and change the finest details, such as window borders. In this guide, we'll discuss step-by-step instructions to help you create an environment that reflects your style in the Windows operating system. How to change window border settings? Press + to open the Settings app. WindowsI go to Personalization and click Color Settings. Color Change Window Borders Settings Window 11" Width="643" Height="500" > Find the Show accent color on title bar and window borders option, and toggle the switch next to it. To display accent colors on the Start menu and taskbar To display the theme color on the Start menu and taskbar, turn on Show theme on the Start menu and taskbar
How to change title bar color on Windows 11?
Sep 14, 2023 pm 03:33 PM
By default, the title bar color on Windows 11 depends on the dark/light theme you choose. However, you can change it to any color you want. In this guide, we'll discuss step-by-step instructions for three ways to change it and personalize your desktop experience to make it visually appealing. Is it possible to change the title bar color of active and inactive windows? Yes, you can change the title bar color of active windows using the Settings app, or you can change the title bar color of inactive windows using Registry Editor. To learn these steps, go to the next section. How to change title bar color in Windows 11? 1. Using the Settings app press + to open the settings window. WindowsI go to "Personalization" and then
OOBELANGUAGE Error Problems in Windows 11/10 Repair
Jul 16, 2023 pm 03:29 PM
Do you see "A problem occurred" along with the "OOBELANGUAGE" statement on the Windows Installer page? The installation of Windows sometimes stops due to such errors. OOBE means out-of-the-box experience. As the error message indicates, this is an issue related to OOBE language selection. There is nothing to worry about, you can solve this problem with nifty registry editing from the OOBE screen itself. Quick Fix – 1. Click the “Retry” button at the bottom of the OOBE app. This will continue the process without further hiccups. 2. Use the power button to force shut down the system. After the system restarts, OOBE should continue. 3. Disconnect the system from the Internet. Complete all aspects of OOBE in offline mode
How to enable or disable taskbar thumbnail previews on Windows 11
Sep 15, 2023 pm 03:57 PM
Taskbar thumbnails can be fun, but they can also be distracting or annoying. Considering how often you hover over this area, you may have inadvertently closed important windows a few times. Another disadvantage is that it uses more system resources, so if you've been looking for a way to be more resource efficient, we'll show you how to disable it. However, if your hardware specs can handle it and you like the preview, you can enable it. How to enable taskbar thumbnail preview in Windows 11? 1. Using the Settings app tap the key and click Settings. Windows click System and select About. Click Advanced system settings. Navigate to the Advanced tab and select Settings under Performance. Select "Visual Effects"
Display scaling guide on Windows 11
Sep 19, 2023 pm 06:45 PM
We all have different preferences when it comes to display scaling on Windows 11. Some people like big icons, some like small icons. However, we all agree that having the right scaling is important. Poor font scaling or over-scaling of images can be a real productivity killer when working, so you need to know how to customize it to get the most out of your system's capabilities. Advantages of Custom Zoom: This is a useful feature for people who have difficulty reading text on the screen. It helps you see more on the screen at one time. You can create custom extension profiles that apply only to certain monitors and applications. Can help improve the performance of low-end hardware. It gives you more control over what's on your screen. How to use Windows 11
10 Ways to Adjust Brightness on Windows 11
Dec 18, 2023 pm 02:21 PM
Screen brightness is an integral part of using modern computing devices, especially when you look at the screen for long periods of time. It helps you reduce eye strain, improve legibility, and view content easily and efficiently. However, depending on your settings, it can sometimes be difficult to manage brightness, especially on Windows 11 with the new UI changes. If you're having trouble adjusting brightness, here are all the ways to manage brightness on Windows 11. How to Change Brightness on Windows 11 [10 Ways Explained] Single monitor users can use the following methods to adjust brightness on Windows 11. This includes desktop systems using a single monitor as well as laptops. let's start. Method 1: Use the Action Center The Action Center is accessible
How to Fix Activation Error Code 0xc004f069 in Windows Server
Jul 22, 2023 am 09:49 AM
The activation process on Windows sometimes takes a sudden turn to display an error message containing this error code 0xc004f069. Although the activation process is online, some older systems running Windows Server may experience this issue. Go through these initial checks, and if they don't help you activate your system, jump to the main solution to resolve the issue. Workaround – close the error message and activation window. Then restart the computer. Retry the Windows activation process from scratch again. Fix 1 – Activate from Terminal Activate Windows Server Edition system from cmd terminal. Stage – 1 Check Windows Server Version You have to check which type of W you are using
