BUGFIX - False positive for declaration $var = pgconnect
parent
1289809b15
commit
37887b7635
|
@ -24,6 +24,7 @@ def analysis(path):
|
|||
matches = regex.findall(content)
|
||||
|
||||
for vuln_content in matches:
|
||||
|
||||
# Security hole detected, is it protected ?
|
||||
if check_protection(payload[2], vuln_content) == False:
|
||||
declaration_text, line_declaration = "",""
|
||||
|
@ -34,15 +35,14 @@ def analysis(path):
|
|||
for vulnerable_var in regax.findall(sentence):
|
||||
false_positive = False
|
||||
|
||||
# BUG nt des var et mettre en couleur la bonne plutôt que la première
|
||||
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
|
||||
# No declaration for $_GET, $_POST ...
|
||||
if check_exception(vulnerable_var[1]) == False:
|
||||
|
||||
# Look for the declaration of $something = xxxxx
|
||||
false_positive, declaration_text, line_declaration = check_declaration(content, vulnerable_var[1], path)
|
||||
|
||||
# Set false positive if protection is in the variable's declaration
|
||||
false_positive = false_positive or check_protection(payload[2], declaration_text)==True
|
||||
# Set false positive if protection is in the variable's declaration
|
||||
false_positive = false_positive or check_protection(payload[2], declaration_text)==True
|
||||
|
||||
# Display all the vuln
|
||||
line_vuln = find_line_vuln(path, payload, vuln_content, content)
|
||||
|
|
2
index.py
2
index.py
|
@ -9,6 +9,8 @@
|
|||
# TODO checker recursivement les vulns dans la déclaration d'une var
|
||||
# BUG color var['something']
|
||||
# BUG PGSQL : pg_pconnect / pg_connect detected
|
||||
# BUG nt des var et mettre en couleur la bonne plutôt que la première
|
||||
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
|
||||
|
||||
import sys
|
||||
import argparse
|
||||
|
|
|
@ -37,7 +37,7 @@ payloads = [
|
|||
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
|
||||
["pg_query","SQL Injection",["pg_escape_string"]],
|
||||
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect"]],
|
||||
["->query","SQL Injection",["->prepare"]],
|
||||
["->exec","SQL Injection",["->prepare"]],
|
||||
["->execute","SQL Injection",["->prepare"]],
|
||||
|
|
Loading…
Reference in New Issue