BUGFIX - False positive for declaration $var = pgconnect

pull/3/head
Swissky 2017-06-05 21:15:38 +02:00
parent 1289809b15
commit 37887b7635
3 changed files with 9 additions and 7 deletions

View File

@ -24,6 +24,7 @@ def analysis(path):
matches = regex.findall(content) matches = regex.findall(content)
for vuln_content in matches: for vuln_content in matches:
# Security hole detected, is it protected ? # Security hole detected, is it protected ?
if check_protection(payload[2], vuln_content) == False: if check_protection(payload[2], vuln_content) == False:
declaration_text, line_declaration = "","" declaration_text, line_declaration = "",""
@ -34,10 +35,9 @@ def analysis(path):
for vulnerable_var in regax.findall(sentence): for vulnerable_var in regax.findall(sentence):
false_positive = False false_positive = False
# BUG nt des var et mettre en couleur la bonne plutôt que la première
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
# No declaration for $_GET, $_POST ... # No declaration for $_GET, $_POST ...
if check_exception(vulnerable_var[1]) == False: if check_exception(vulnerable_var[1]) == False:
# Look for the declaration of $something = xxxxx # Look for the declaration of $something = xxxxx
false_positive, declaration_text, line_declaration = check_declaration(content, vulnerable_var[1], path) false_positive, declaration_text, line_declaration = check_declaration(content, vulnerable_var[1], path)

View File

@ -9,6 +9,8 @@
# TODO checker recursivement les vulns dans la déclaration d'une var # TODO checker recursivement les vulns dans la déclaration d'une var
# BUG color var['something'] # BUG color var['something']
# BUG PGSQL : pg_pconnect / pg_connect detected # BUG PGSQL : pg_pconnect / pg_connect detected
# BUG nt des var et mettre en couleur la bonne plutôt que la première
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
import sys import sys
import argparse import argparse

View File

@ -37,7 +37,7 @@ payloads = [
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]], ["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]], ["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]], ["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
["pg_query","SQL Injection",["pg_escape_string"]], ["pg_query","SQL Injection",["pg_escape_string","pg_pconnect"]],
["->query","SQL Injection",["->prepare"]], ["->query","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]], ["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]], ["->execute","SQL Injection",["->prepare"]],