Documentation
Overview ¶
Package symbolic provides symbolic execution for deep semantic tracing. It traces object instantiation, constructor execution, method calls, and property population. It works universally across ALL PHP applications, with no framework-specific hints.
Package symbolic provides symbolic execution for deep semantic tracing
Index ¶
- func CreateParser() *sitter.Parser
- type Assignment
- type ChainStep
- type ExecutionEngine
- func (e *ExecutionEngine) AddParsedFile(filePath string, root *sitter.Node, content []byte)
- func (e *ExecutionEngine) AddSymbolTable(filePath string, st *types.SymbolTable)
- func (e *ExecutionEngine) ClearFileCache()
- func (e *ExecutionEngine) FileCacheStats() (hits, misses, memUsage int64)
- func (e *ExecutionEngine) GetFileContent(filePath string) ([]byte, error)
- func (e *ExecutionEngine) GetParsedFile(filePath string) (*sitter.Node, error)
- func (e *ExecutionEngine) TracePropertyAccess(expression string, contextFile string) (*PropertyFlow, error)
- type ExpressionType
- type ExternalAssignment
- type FlowStep
- type LRUFileCache
- func (c *LRUFileCache) Clear()
- func (c *LRUFileCache) Get(filePath string) (*sitter.Node, []byte, error)
- func (c *LRUFileCache) GetContent(filePath string) ([]byte, error)
- func (c *LRUFileCache) GetParsedFile(filePath string) (*sitter.Node, error)
- func (c *LRUFileCache) Has(filePath string) bool
- func (c *LRUFileCache) MemoryUsage() int64
- func (c *LRUFileCache) Remove(filePath string)
- func (c *LRUFileCache) Size() int
- func (c *LRUFileCache) Stats() (hits, misses int64, memUsage int64)
- type MagicPropertyInfo
- type MethodCall
- type MethodReturnInfo
- type ObjectInstance
- type ParsedExpression
- type PropertyFlow
- type PropertyState
- type UltimateSource
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Assignment ¶
// Assignment records a single write to a property, together with where the
// assigned value came from.
type Assignment struct {
	Source     string // The source expression (e.g., "$_GET", "$array[$key]")
	SourceType string // Type of source; NOTE(review): the accepted values are not listed on this page
	Method     string // Which method made this assignment
	Line       int    // presumably the line of the assignment within FilePath — confirm
	FilePath   string // presumably the file that contains the assignment — confirm
	// Whether this comes from user input.
	// NOTE(review): how the flag is decided is not visible on this page; confirm
	// before treating false as evidence that the source is trusted.
	IsUserInput bool
	TaintChain  []string // Chain of taints; NOTE(review): element format and ordering are not documented here
}
Assignment represents one assignment to a property
type ChainStep ¶
// ChainStep describes one link of a chained expression: a property access or
// a method call, with any arguments or array key attached to it.
type ChainStep struct {
	Type      ExpressionType // PropertyAccess or MethodCall
	Name      string         // method or property name
	Arguments []string       // method arguments if method call
	AccessKey string         // array access key if any
}
ChainStep represents one step in a chained expression
type ExecutionEngine ¶
// ExecutionEngine is an opaque handle: all of its fields are unexported and
// are not shown in this listing.
// NOTE(review): this page does not say whether one engine may be shared
// between goroutines — confirm before using it concurrently.
type ExecutionEngine struct {
	// contains filtered or unexported fields
}
ExecutionEngine performs symbolic execution to trace data flow through objects. It is memory-optimized with LRU file caching to prevent unbounded memory growth.
func NewExecutionEngine ¶
func NewExecutionEngine() *ExecutionEngine
NewExecutionEngine creates a new symbolic execution engine. It uses an LRU file cache to limit memory usage.
func NewExecutionEngineWithCacheSize ¶
func NewExecutionEngineWithCacheSize(cacheSize int) *ExecutionEngine
NewExecutionEngineWithCacheSize creates an engine with custom cache size
func (*ExecutionEngine) AddParsedFile ¶
func (e *ExecutionEngine) AddParsedFile(filePath string, root *sitter.Node, content []byte)
AddParsedFile adds a parsed file AST. DEPRECATED: Use SetFilePath and let the LRU cache handle loading.
func (*ExecutionEngine) AddSymbolTable ¶
func (e *ExecutionEngine) AddSymbolTable(filePath string, st *types.SymbolTable)
AddSymbolTable adds a symbol table from a parsed file
func (*ExecutionEngine) ClearFileCache ¶
func (e *ExecutionEngine) ClearFileCache()
ClearFileCache releases all cached files to free memory
func (*ExecutionEngine) FileCacheStats ¶
func (e *ExecutionEngine) FileCacheStats() (hits, misses, memUsage int64)
FileCacheStats returns cache statistics for monitoring
func (*ExecutionEngine) GetFileContent ¶
func (e *ExecutionEngine) GetFileContent(filePath string) ([]byte, error)
GetFileContent retrieves file content using LRU cache (lazy loading)
func (*ExecutionEngine) GetParsedFile ¶
func (e *ExecutionEngine) GetParsedFile(filePath string) (*sitter.Node, error)
GetParsedFile retrieves parsed AST using LRU cache (lazy loading)
func (*ExecutionEngine) TracePropertyAccess ¶
func (e *ExecutionEngine) TracePropertyAccess(expression string, contextFile string) (*PropertyFlow, error)
type ExpressionType ¶
// ExpressionType is an int-backed enumeration; its values are the ExprType*
// constants declared for this type.
type ExpressionType int
ExpressionType represents the type of expression being traced
// Kinds of PHP expression, as values of ExpressionType. The values are
// assigned by iota in declaration order, so ExprTypeUnknown is 0 and is
// therefore also the zero value of ExpressionType.
const (
	ExprTypeUnknown        ExpressionType = iota
	ExprTypePropertyAccess // $obj->property or $obj->property['key']
	ExprTypeMethodCall     // $obj->method('arg') or $obj->method($var)
	ExprTypeStaticCall     // Class::method('arg')
	ExprTypeStaticProperty // Class::$property
	ExprTypeFunctionCall   // function('arg')
	ExprTypeSuperglobal    // $_GET['key'], $_POST['key'], etc.
	ExprTypeLocalVariable  // $id, $username (simple variable)
)
type ExternalAssignment ¶
// ExternalAssignment records a property assignment together with the file and
// line it was recorded at.
type ExternalAssignment struct {
	PropertyName string // The property being assigned
	Source       string // The value assigned (e.g., "generate_post_check()")
	FilePath     string // presumably the file containing the assignment — confirm
	Line         int    // presumably the line of the assignment within FilePath — confirm
}
ExternalAssignment represents a property assigned outside the class definition. This handles dynamic properties such as: $mybb->post_code = generate_post_check();
type FlowStep ¶
// FlowStep is one numbered entry of a flow trace: a description, the code it
// refers to, and the file and line of that code.
type FlowStep struct {
	StepNumber  int    // NOTE(review): whether numbering starts at 0 or 1 is not stated on this page
	Description string // free-text description of the step
	Code        string // presumably the source text of the step — confirm
	FilePath    string
	Line        int
	Type        string // "property_init", "constructor_call", "method_call", "assignment", "loop", "return"
}
FlowStep represents one step in the flow trace
type LRUFileCache ¶
// LRUFileCache is an opaque cache type: all of its fields are unexported and
// are not shown in this listing. Its methods are keyed by a filePath string.
// NOTE(review): the constructor text mentions multi-threaded usage, but this
// page does not state that the cache is safe for concurrent use — confirm.
// NOTE(review): the lazy-loading getters take whatever path the caller passes;
// the page does not say whether paths are normalized or confined to a root
// directory. If paths can come from the analysed code (e.g. include targets),
// confirm they are resolved and constrained before they reach the cache.
type LRUFileCache struct {
	// contains filtered or unexported fields
}
LRUFileCache provides memory-efficient file and AST caching with O(1) operations. It uses lazy loading with LRU eviction to prevent unbounded memory growth.
func NewLRUFileCache ¶
func NewLRUFileCache(maxEntries int) *LRUFileCache
NewLRUFileCache creates a new file cache with specified limits. MEMORY FIX: Reduced defaults for multi-threaded usage.
func NewLRUFileCacheWithMemoryLimit ¶
func NewLRUFileCacheWithMemoryLimit(maxEntries int, maxMemory int64) *LRUFileCache
NewLRUFileCacheWithMemoryLimit creates a cache with custom memory limit
func (*LRUFileCache) Clear ¶
func (c *LRUFileCache) Clear()
Clear removes all entries from the cache
func (*LRUFileCache) Get ¶
Get retrieves or lazily loads a file's AST and content - O(1) for cached files
func (*LRUFileCache) GetContent ¶
func (c *LRUFileCache) GetContent(filePath string) ([]byte, error)
GetContent retrieves file content with lazy loading
func (*LRUFileCache) GetParsedFile ¶
func (c *LRUFileCache) GetParsedFile(filePath string) (*sitter.Node, error)
GetParsedFile retrieves parsed AST with lazy loading
func (*LRUFileCache) Has ¶
func (c *LRUFileCache) Has(filePath string) bool
Has checks if a file is in the cache - O(1)
func (*LRUFileCache) MemoryUsage ¶
func (c *LRUFileCache) MemoryUsage() int64
MemoryUsage returns current estimated memory usage in bytes
func (*LRUFileCache) Remove ¶
func (c *LRUFileCache) Remove(filePath string)
Remove removes a specific file from the cache - O(1)
func (*LRUFileCache) Size ¶
func (c *LRUFileCache) Size() int
Size returns the current number of cached files
func (*LRUFileCache) Stats ¶
func (c *LRUFileCache) Stats() (hits, misses int64, memUsage int64)
Stats returns cache hit/miss statistics
type MagicPropertyInfo ¶
// MagicPropertyInfo describes how a class exposes dynamic properties: whether
// it defines __get, whether it assigns through $this->$var, and which property
// and method back that behaviour.
type MagicPropertyInfo struct {
	HasMagicGet      bool   // Class has __get method
	HasDynamicAssign bool   // Class has $this->$var = $val pattern
	BackingProperty  string // Property used for storage (e.g., "phrases")
	AssignMethodName string // Method that assigns properties
	SourceType       string // "file_include", "array", etc.; NOTE(review): the full set of values is not listed on this page
}
type MethodCall ¶
// MethodCall records one method invocation: the class and method called, the
// arguments, the call location, and the method the call was made from.
type MethodCall struct {
	ClassName  string
	MethodName string
	Arguments  []string // presumably the argument expressions as source text — confirm
	FilePath   string
	Line       int
	CalledFrom string // Parent method
}
MethodCall represents a method invocation
type MethodReturnInfo ¶
// MethodReturnInfo summarises what a method returns: a property of $this, a
// parameter, user input, or $this itself, plus the raw return statements.
type MethodReturnInfo struct {
	ReturnsProperty     bool     // returns $this->property
	PropertyName        string   // which property
	UsesParamAsKey      bool     // returns $this->property[$param]
	ParamIndex          int      // which parameter is used as key; NOTE(review): zero- or one-based is not stated here
	ReturnsParam        bool     // returns a parameter directly
	ReturnStatements    []string // all return statement code
	ReturnsUserInput    bool     // directly returns user input
	UserInputExpression string   // e.g., "$_GET['key']"
	ReturnsSelf         bool     // returns $this (fluent interface)
}
MethodReturnInfo captures what a method returns
type ObjectInstance ¶
// ObjectInstance describes one instantiated object: the variable holding it,
// its class, a file and line, and the state of its properties.
type ObjectInstance struct {
	VariableName string
	ClassName    string
	FilePath     string // presumably the file where the object is instantiated — confirm
	Line         int    // presumably the line of the instantiation — confirm
	Properties   map[string]*PropertyState // presumably keyed by property name — confirm
}
ObjectInstance represents an instantiated object
type ParsedExpression ¶
// ParsedExpression holds the components an expression was split into: its
// kind, the raw text, and the variable, class, property, method, key and
// arguments found in it.
type ParsedExpression struct {
	Type            ExpressionType
	RawExpr         string   // presumably the expression text as given — confirm
	VarName         string   // e.g. $mybb
	ClassName       string   // e.g. MyBB (resolved)
	PropertyName    string   // e.g. input
	MethodName      string   // e.g. get_input
	AccessKey       string   // e.g. 'thumbnail' or 'timezone'
	Arguments       []string // method arguments
	SuperglobalName string   // $_GET, $_POST, etc. (for ExprTypeSuperglobal)
	IsSuperglobal   bool     // true if this is a superglobal access
	// Chained expression support
	IsChained  bool        // true if this is a chained expression
	ChainSteps []ChainStep // Steps in the chain
}
ParsedExpression holds the parsed components of an expression
type PropertyFlow ¶
// PropertyFlow is the result of tracing one expression: the expression and
// its parsed class/property/method/key, the ordered trace steps, and the
// ultimate sources the trace ended at.
type PropertyFlow struct {
	// The expression being traced (e.g., "$mybb->input['thumbnail']" or "$mybb->get_input('timezone')")
	Expression string
	// The class and property/method
	ClassName    string
	PropertyName string
	MethodName   string
	AccessKey    string // e.g., "thumbnail" for array access or method argument
	// The complete trace
	Steps []FlowStep
	// Ultimate sources
	// NOTE(review): the page does not say what an empty Sources means; confirm
	// whether it indicates "no source found" or "trace incomplete".
	Sources []UltimateSource
}
PropertyFlow represents the complete flow analysis for a property access
func (*PropertyFlow) GenerateFlowReport ¶
func (flow *PropertyFlow) GenerateFlowReport() string
GenerateFlowReport generates a human-readable flow report
func (*PropertyFlow) GenerateMermaidDiagram ¶
func (flow *PropertyFlow) GenerateMermaidDiagram() string
GenerateMermaidDiagram generates a Mermaid flowchart for the flow
type PropertyState ¶
// PropertyState tracks one class property: its initial value, the sources
// that have flowed into it, and the method calls and assignments that wrote it.
type PropertyState struct {
	ClassName      string
	PropertyName   string
	InitialValue   string       // presumably the declared default as source text — confirm
	CurrentSources []string     // What sources have flowed into this property
	PopulatedBy    []MethodCall // Which method calls populated this property
	Assignments    []Assignment // All assignments to this property
}
PropertyState tracks the state of a class property