FEATURE : PHP object injection detection

pull/3/head
Swissky 2017-05-28 22:42:28 +02:00
parent c75f1eb415
commit 5160b19e1b
3 changed files with 7 additions and 4 deletions


@ -102,7 +102,7 @@ def check_declaration(content, vuln, path):
# Check constant then return True if constant because it's false positive
declaration_text = "$"+vuln[1:] +declaration[0][0]+"="+declaration[0][1]
line_declaration = find_line_declaration(declaration_text, content)
regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*([\"\'(]*?[a-zA-Z0-9{}_]*?[\"\')]*?);")
regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*?([\"\'(]*?[a-zA-Z0-9{}_\(\)@\.: ]*?[\"\')]*?);")
false_positive = regex_constant.match(declaration_text)
if false_positive:
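Review bot: The widened character class in the new `regex_constant` accepts `(`, `)`, `@`, `.`, `:` and spaces in the unquoted case, so a call expression such as `$h = getallheaders();` now appears to match and be discarded as a constant, hiding a value that may be request-controlled. If the goal was to cover quoted literals like e-mail addresses or URLs, allow the extra characters only between matching quotes and keep the bare-token branch to `[a-zA-Z0-9{}_]`. Separately, `vuln[1:]` is concatenated into the pattern unescaped and the literals are not raw strings. Wrapping the name as `re.escape(vuln[1:])` and prefixing the literals with `r` would stop names containing `[` or `'` from being read as regex syntax. The body of `check_declaration` starts and ends outside this hunk.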


@ -8,7 +8,6 @@
# TODO afficher toutes les modifications de la variable -
# TODO checker recursivement les vulns dans la déclaration d'une var
# BUG color var['something']
# TODO serialize detection
import sys
import argparse


@ -19,6 +19,8 @@ payloads = [
["require_once","File Inclusion",[]],
["readfile","File Inclusion",[]],
["file_get_contents","File Inclusion",[]],
["show_source","File Inclusion",[]],
["highlight_file","File Inclusion",[]],
["mysql_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
@ -32,7 +34,9 @@ payloads = [
["move_uploaded_file","File Upload",[]],
["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
# Print etc
["mail", "Insecure E-mail",[]]
["mail", "Insecure E-mail",[]],
["unserialize", "PHP Object Injection",[]]
]
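Review bot: The new `["unserialize", "PHP Object Injection",[]]` entry has an empty sanitizer list and sits under the unrelated `# Print etc` comment, so a reader cannot tell whether the empty list is deliberate. A short comment above it would record the reasoning, for example `# Deserialization: no wrapper function neutralises the argument; fix is json_decode or the allowed_classes option (PHP 7+)`. If sinks are matched by function name only, which the visible lines do not show, calls that already pass `['allowed_classes' => false]` would presumably still be reported, and the comment should say so. The `payloads` list opens before the first hunk of this section.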