PHPAnalysis.Analysis.DefaultTaintProvider.DefaultServerVariable C# (CSharp) Метод

        /// <summary>
        /// Builds the default taint model for PHP's <c>$_SERVER</c> superglobal.
        /// </summary>
        /// <remarks>
        /// The root variable gets <c>_taintedTaintFactory</c> as the default for nested
        /// variables and dimensions, so any key not registered here presumably starts out
        /// tainted. Only the keys listed below are overridden as untainted, and
        /// <c>SERVER_NAME</c> gets its own taint set.
        /// </remarks>
        /// <returns>The <c>_SERVER</c> variable with its per-key entries registered.</returns>
        private Variable DefaultServerVariable()
        {
            var server = new Variable("_SERVER", VariableScope.SuperGlobal);

            // Deny by default: keys without an explicit entry fall back to the tainted
            // factory; only the "possible stored" default is untainted.
            server.Info.NestedVariableDefaultTaintFactory = _taintedTaintFactory;
            server.Info.DefaultDimensionTaintFactory = _taintedTaintFactory;
            server.Info.NestedVariablePossibleStoredDefaultTaintFactory = _untaintedTaintFactory;

            // IDEA - These could easily be defined in an external file, to allow for changes without recompiling.
            // NOTE(review): every name here suppresses findings on that key, so the list is
            // security-relevant. REMOTE_HOST is filled from a reverse DNS lookup and
            // SERVER_PROTOCOL comes from the request line; whether those are safe to treat
            // as untainted depends on the web server configuration - confirm before extending.
            string[] untaintedKeys =
            {
                "GATEWAY_INTERFACE",
                "HTTPS",
                "REMOTE_ADDR",
                "REMOTE_HOST",
                "REMOTE_PORT",
                "REQUEST_TIME",
                "SCRIPT_FILENAME",
                "SCRIPT_NAME",
                "SERVER_ADDR",
                "SERVER_ADMIN",
                "SERVER_PROTOCOL",
                "SERVER_PORT",
                "SERVER_SIGNATURE",
                "SERVER_SOFTWARE",
            };

            foreach (var key in untaintedKeys)
            {
                // Each listed key is untainted itself and for everything nested under it.
                var entry = new Variable(key, VariableScope.Instance)
                {
                    Info =
                    {
                        Taints = _untaintedTaintFactory(),
                        DefaultDimensionTaintFactory = _untaintedTaintFactory,
                        NestedVariableDefaultTaintFactory = _untaintedTaintFactory,
                        NestedVariablePossibleStoredDefaultTaintFactory = _untaintedTaintFactory
                    }
                };

                var dimension = new VariableTreeDimension() { Key = entry.Name };
                server.Info.Variables.Add(dimension, entry);
            }

            // SERVER_NAME seems to be XSS safe, but not necessarily SQLi safe: http://shiflett.org/blog/2006/mar/server-name-versus-http-host
            // Hence the full SQLi taint paired with a default-constructed XSS set
            // (presumably "no XSS taint" - verify against XSSTaintSet).
            var serverName = new Variable("SERVER_NAME", VariableScope.Instance);
            serverName.Info.Taints = new TaintSets(new SQLITaintSet(SQLITaint.SQL_ALL), new XSSTaintSet());
            serverName.Info.DefaultDimensionTaintFactory = _untaintedTaintFactory;
            serverName.Info.NestedVariableDefaultTaintFactory = _untaintedTaintFactory;
            serverName.Info.NestedVariablePossibleStoredDefaultTaintFactory = _untaintedTaintFactory;

            var serverNameDimension = new VariableTreeDimension() { Key = serverName.Name };
            server.Info.Variables.Add(serverNameDimension, serverName);

            return server;
        }