swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bugfix - Constant init var fixed

pull/3/head
Swissky 2017-05-28 22:11:40 +02:00
parent 012581e641
commit c75f1eb415
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
functions.py
View File

@ -99,11 +99,12 @@ def check_declaration(content, vuln, path):
declaration = regex_declaration.findall(content)
if len(declaration)>0:
# TODO: Check constant then return True if constant because it's false positive
# Check constant then return True if constant because it's false positive
declaration_text = "$"+vuln[1:] +declaration[0][0]+"="+declaration[0][1]
line_declaration = find_line_declaration(declaration_text, content)
regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*([\"\'][a-zA-Z0-9]*?[\"\']);")
regex_constant = re.compile("\$"+vuln[1:]+"([\t ]*)=[\t ]*([\"\'(]*?[a-zA-Z0-9{}_]*?[\"\')]*?);")
false_positive = regex_constant.match(declaration_text)
if false_positive:
return (True, "","")
return (False, declaration_text,line_declaration)

2
index.py
View File

@ -6,7 +6,9 @@
# Educational purpose only !
# TODO afficher toutes les modifications de la variable -
# TODO checker recursivement les vulns dans la déclaration d'une var
# BUG color var['something']
# TODO serialize detection
import sys
import argparse