Vulny-Code-Static-Analysis/indicators.py

117 lines
5.5 KiB
Python
Raw Normal View History

2017-05-21 13:56:42 +00:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
# /!\ Detection Format (.*)function($vuln)(.*) matched by payload[0]+regex_indicators
regex_indicators = '\\((.*?)(\\$_GET\\[.*?\\]|\\$_FILES\\[.*?\\]|\\$_POST\\[.*?\\]|\\$_REQUEST\\[.*?\\]|\\$_COOKIES\\[.*?\\]|\\$_SESSION\\[.*?\\]|\\$(?!this|e-)[a-zA-Z0-9_]*)(.*?)\\)'
2017-05-21 13:56:42 +00:00
# Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
payloads = [
# Remote Command Execution
["eval", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["popen", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["system", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["passthru", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["exec", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["shell_exec", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["assert", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["proc_open", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
["call_user_func", "Remote Code Execution", []],
["call_user_func_array", "Remote Code Execution", []],
["preg_replace", "Remote Command Execution", ["preg_quote"]],
["ereg_replace", "Remote Command Execution", ["preg_quote"]],
["eregi_replace", "Remote Command Execution", ["preg_quote"]],
["mb_ereg_replace", "Remote Command Execution", ["preg_quote"]],
["mb_eregi_replace", "Remote Command Execution", ["preg_quote"]],
# File Inclusion / Path Traversal
["virtual", "File Inclusion", []],
["include", "File Inclusion", []],
["require", "File Inclusion", []],
["include_once", "File Inclusion", []],
["require_once", "File Inclusion", []],
["readfile", "File Inclusion / Path Traversal", []],
["file_get_contents", "File Inclusion / Path Traversal", []],
["show_source", "File Inclusion / Path Traversal", []],
["fopen", "File Inclusion / Path Traversal", []],
["file", "File Inclusion / Path Traversal", []],
["fpassthru", "File Inclusion / Path Traversal", []],
["gzopen", "File Inclusion / Path Traversal", []],
["gzfile", "File Inclusion / Path Traversal", []],
["gzpassthru", "File Inclusion / Path Traversal", []],
["readgzfile", "File Inclusion / Path Traversal", []],
# MySQL(i) SQL Injection
["mysql_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_multi_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_send_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_master_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_master_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysql_unbuffered_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysql_db_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli::real_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_real_query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli::query", "SQL Injection", ["mysql_real_escape_string"]],
["mysqli_query", "SQL Injection", ["mysql_real_escape_string"]],
# PostgreSQL Injection
["pg_query", "SQL Injection", ["pg_escape_string", "pg_pconnect", "pg_connect"]],
["pg_send_query", "SQL Injection", ["pg_escape_string", "pg_pconnect", "pg_connect"]],
# SQLite SQL Injection
["sqlite_array_query", "SQL Injection", ["sqlite_escape_string"]],
["sqlite_exec", "SQL Injection", ["sqlite_escape_string"]],
["sqlite_query", "SQL Injection", ["sqlite_escape_string"]],
["sqlite_single_query", "SQL Injection", ["sqlite_escape_string"]],
["sqlite_unbuffered_query", "SQL Injection", ["sqlite_escape_string"]],
# PDO SQL Injection
["->arrayQuery", "SQL Injection", ["->prepare"]],
["->query", "SQL Injection", ["->prepare"]],
["->queryExec", "SQL Injection", ["->prepare"]],
["->singleQuery", "SQL Injection", ["->prepare"]],
["->querySingle", "SQL Injection", ["->prepare"]],
["->exec", "SQL Injection", ["->prepare"]],
["->execute", "SQL Injection", ["->prepare"]],
["->unbufferedQuery", "SQL Injection", ["->prepare"]],
["->real_query", "SQL Injection", ["->prepare"]],
["->multi_query", "SQL Injection", ["->prepare"]],
["->send_query", "SQL Injection", ["->prepare"]],
# Cubrid SQL Injection
["cubrid_unbuffered_query", "SQL Injection", ["cubrid_real_escape_string"]],
["cubrid_query", "SQL Injection", ["cubrid_real_escape_string"]],
# MSSQL SQL Injection : Warning there is not any real_escape_string
["mssql_query", "SQL Injection", ["mssql_escape"]],
# File Upload
["move_uploaded_file", "File Upload", []],
# Cross Site Scripting
["echo", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
["print", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
["printf", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
# XPATH and LDAP
["xpath", "XPATH Injection", []],
["ldap_search", "LDAP Injection", ["Zend_Ldap", "ldap_escape"]],
# Insecure E-Mail
["mail", "Insecure E-mail", []],
# PHP Objet Injection
["unserialize", "PHP Object Injection", []],
# Header Injection
["header", "Header Injection", []],
["HttpMessage::setHeaders", "Header Injection", []],
["HttpRequest::setHeaders", "Header Injection", []],
# URL Redirection
["http_redirect", "URL Redirection", []],
["HttpMessage::setResponseCode", "URL Redirection", []],
2017-05-21 13:56:42 +00:00
]