BUGFIX - False positive for declaration $var = pgconnect

pull/3/head
Swissky 2017-06-05 21:15:38 +02:00
parent 1289809b15
commit 37887b7635
3 changed files with 9 additions and 7 deletions

View File

@ -24,6 +24,7 @@ def analysis(path):
matches = regex.findall(content)
for vuln_content in matches:
# Security hole detected, is it protected ?
if check_protection(payload[2], vuln_content) == False:
declaration_text, line_declaration = "",""
@ -34,15 +35,14 @@ def analysis(path):
for vulnerable_var in regax.findall(sentence):
false_positive = False
# BUG nt des var et mettre en couleur la bonne plutôt que la première
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
# No declaration for $_GET, $_POST ...
if check_exception(vulnerable_var[1]) == False:
# Look for the declaration of $something = xxxxx
false_positive, declaration_text, line_declaration = check_declaration(content, vulnerable_var[1], path)
# Set false positive if protection is in the variable's declaration
false_positive = false_positive or check_protection(payload[2], declaration_text)==True
# Set false positive if protection is in the variable's declaration
false_positive = false_positive or check_protection(payload[2], declaration_text)==True
# Display all the vuln
line_vuln = find_line_vuln(path, payload, vuln_content, content)

View File

@ -9,6 +9,8 @@
# TODO checker recursivement les vulns dans la déclaration d'une var
# BUG color var['something']
# BUG PGSQL : pg_pconnect / pg_connect detected
# BUG nt des var et mettre en couleur la bonne plutôt que la première
# BUG ex fct(occurence) et mettre en couleur la xieme occurence
import sys
import argparse

View File

@ -37,7 +37,7 @@ payloads = [
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
["pg_query","SQL Injection",["pg_escape_string"]],
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect"]],
["->query","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]],