Vulny-Code-Static-Analysis/indicators.py


#!/usr/bin/python
# -*- coding: utf-8 -*-
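# Detection format: (.*)function($vuln)(.*), matched by payload[0] + regex_indicators.
# A payload's sink name is prepended to this pattern, so the pattern itself
# starts at the opening parenthesis of the call.
#
# Capture groups:
#   1 - text between "(" and the indicator
#   2 - the indicator: a superglobal access such as $_GET[...] or, through the
#       last alternative, any other PHP variable
#   3 - text between the indicator and a closing ")"
#
# The last alternative accepts every "$name" unless the text after "$" starts
# with "this" or "e-" (for example $this or $e->...). A match therefore means
# "a variable appears in this call", not that the value is attacker-controlled;
# every finding still needs manual review.
#
# PHP's cookie superglobal is $_COOKIE. "$_COOKIES?" captures it together with
# its index in group 2 and still accepts the "$_COOKIES" spelling.
# NOTE(review): keep the leading "\(" and trailing "\)" intact; code outside
# this listing may depend on the exact shape of the pattern - confirm.
regex_indicators = (
    r'\((.*?)('
    r'\$_GET\[.*?\]'
    r'|\$_FILES\[.*?\]'
    r'|\$_POST\[.*?\]'
    r'|\$_REQUEST\[.*?\]'
    r'|\$_COOKIES?\[.*?\]'
    r'|\$_SESSION\[.*?\]'
    r'|\$(?!this|e-)[a-zA-Z0-9_]*'
    r')(.*?)\)'
)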
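# Sink table used together with regex_indicators.
# Each entry is [function_name, vulnerability_name, protection_functions]:
#   function_name        - PHP function or "->method" prepended to regex_indicators
#   vulnerability_name   - label attached to the finding
#   protection_functions - names regarded as a mitigation for that sink
# NOTE(review): presumably a finding is treated as protected when one of the
# protection names appears in the matched call - confirm in the detection code.
# A wrong protection name would then hide a real finding, so keep these lists
# tight.
payloads = [
    # Remote Command Execution
    # NOTE(review): escapeshellarg/escapeshellcmd quote shell arguments. They
    # are not a defence for the PHP code-evaluation sinks in this group (eval,
    # assert, create_function); those entries are kept as authored - consider
    # an empty protection list for them.
    ["eval", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["popen", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["popen_ex", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["system", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["passthru", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["exec", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["shell_exec", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["pcntl_exec", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["assert", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["proc_open", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["expect_popen", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["create_function", "Remote Command Execution", ["escapeshellarg", "escapeshellcmd"]],
    ["call_user_func", "Remote Code Execution", []],
    ["call_user_func_array", "Remote Code Execution", []],
    # preg_quote escapes regex metacharacters in the pattern argument.
    ["preg_replace", "Remote Command Execution", ["preg_quote"]],
    ["ereg_replace", "Remote Command Execution", ["preg_quote"]],
    ["eregi_replace", "Remote Command Execution", ["preg_quote"]],
    ["mb_ereg_replace", "Remote Command Execution", ["preg_quote"]],
    ["mb_eregi_replace", "Remote Command Execution", ["preg_quote"]],
    # File Inclusion / Path Traversal
    ["virtual", "File Inclusion", []],
    ["include", "File Inclusion", []],
    ["require", "File Inclusion", []],
    ["include_once", "File Inclusion", []],
    ["require_once", "File Inclusion", []],
    ["readfile", "File Inclusion / Path Traversal", []],
    ["file_get_contents", "File Inclusion / Path Traversal", []],
    ["file_put_contents", "File Inclusion / Path Traversal", []],
    ["show_source", "File Inclusion / Path Traversal", []],
    ["fopen", "File Inclusion / Path Traversal", []],
    ["file", "File Inclusion / Path Traversal", []],
    ["fpassthru", "File Inclusion / Path Traversal", []],
    ["gzopen", "File Inclusion / Path Traversal", []],
    ["gzfile", "File Inclusion / Path Traversal", []],
    ["gzpassthru", "File Inclusion / Path Traversal", []],
    ["readgzfile", "File Inclusion / Path Traversal", []],
    ["DirectoryIterator", "File Inclusion / Path Traversal", []],
    ["stream_get_contents", "File Inclusion / Path Traversal", []],
    ["copy", "File Inclusion / Path Traversal", []],
    # MySQL(i) SQL Injection
    # Each sink is listed once so that a single call yields a single entry.
    # NOTE(review): the mysqli_* sinks list only mysql_real_escape_string;
    # mysqli_real_escape_string is not listed - confirm whether that is intended.
    ["mysql_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli_multi_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli_send_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli_master_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysql_unbuffered_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysql_db_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli::real_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli_real_query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli::query", "SQL Injection", ["mysql_real_escape_string"]],
    ["mysqli_query", "SQL Injection", ["mysql_real_escape_string"]],
    # PostgreSQL Injection
    # NOTE(review): pg_pconnect/pg_connect open connections and do not escape
    # input; presumably listed to skip calls whose only variable is a
    # connection handle - confirm.
    ["pg_query", "SQL Injection", ["pg_escape_string", "pg_pconnect", "pg_connect"]],
    ["pg_send_query", "SQL Injection", ["pg_escape_string", "pg_pconnect", "pg_connect"]],
    # SQLite SQL Injection
    ["sqlite_array_query", "SQL Injection", ["sqlite_escape_string"]],
    ["sqlite_exec", "SQL Injection", ["sqlite_escape_string"]],
    ["sqlite_query", "SQL Injection", ["sqlite_escape_string"]],
    ["sqlite_single_query", "SQL Injection", ["sqlite_escape_string"]],
    ["sqlite_unbuffered_query", "SQL Injection", ["sqlite_escape_string"]],
    # PDO SQL Injection (method-call sinks; "->prepare" marks a prepared statement)
    ["->arrayQuery", "SQL Injection", ["->prepare"]],
    ["->query", "SQL Injection", ["->prepare"]],
    ["->queryExec", "SQL Injection", ["->prepare"]],
    ["->singleQuery", "SQL Injection", ["->prepare"]],
    ["->querySingle", "SQL Injection", ["->prepare"]],
    ["->exec", "SQL Injection", ["->prepare"]],
    ["->execute", "SQL Injection", ["->prepare"]],
    ["->unbufferedQuery", "SQL Injection", ["->prepare"]],
    ["->real_query", "SQL Injection", ["->prepare"]],
    ["->multi_query", "SQL Injection", ["->prepare"]],
    ["->send_query", "SQL Injection", ["->prepare"]],
    # Cubrid SQL Injection
    ["cubrid_unbuffered_query", "SQL Injection", ["cubrid_real_escape_string"]],
    ["cubrid_query", "SQL Injection", ["cubrid_real_escape_string"]],
    # MSSQL SQL Injection: warning, there is no real_escape_string equivalent
    ["mssql_query", "SQL Injection", ["mssql_escape"]],
    # File Upload
    ["move_uploaded_file", "File Upload", []],
    # Cross Site Scripting
    ["echo", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["print", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["printf", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["vprintf", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["trigger_error", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["user_error", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["odbc_result_all", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["ifx_htmltbl_result", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["die", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["exit", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    ["var_dump", "Cross Site Scripting", ["htmlentities", "htmlspecialchars"]],
    # XPATH and LDAP
    ["xpath", "XPATH Injection", []],
    ["ldap_search", "LDAP Injection", ["Zend_Ldap", "ldap_escape"]],
    # Insecure E-Mail
    ["mail", "Insecure E-mail", []],
    # PHP Object Injection
    ["unserialize", "PHP Object Injection", []],
    # Header Injection
    ["header", "Header Injection", []],
    ["HttpMessage::setHeaders", "Header Injection", []],
    ["HttpRequest::setHeaders", "Header Injection", []],
    # URL Redirection
    ["http_redirect", "URL Redirection", []],
    ["HttpMessage::setResponseCode", "URL Redirection", []],
    # Server Side Template Injection
    ["->render", "Server Side Template Injection", []],
    ["->assign", "Server Side Template Injection", []],
    # Weak Cryptographic Hash
    ["md5", "Weak Cryptographic Hash", []],
    ["sha1", "Weak Cryptographic Hash", []],
    # Insecure Weak Random
    ["mt_rand", "Insecure Weak Random", []],
    ["srand", "Insecure Weak Random", []],
    ["uniqid", "Insecure Weak Random", []],
    # Information Leak
    # show_source is also listed under File Inclusion / Path Traversal; the two
    # entries carry different labels.
    ["phpinfo", "Information Leak", []],
    ["debug_print_backtrace", "Information Leak", []],
    ["show_source", "Information Leak", []],
    ["highlight_file", "Information Leak", []],
    # Server Side Request Forgery
    ["curl_setopt", "Server Side Request Forgery", []],
    ["curl_exec", "Server Side Request Forgery", []],
    ["fsockopen", "Server Side Request Forgery", []],
    # XML External Entity
    ["SimpleXMLElement", "XML External Entity", []],
    ["xmlparse", "XML External Entity", []],
    ["loadXML", "XML External Entity", []],
    ["simplexml_load_string", "XML External Entity", []],
    # Others
    ["unlink", "Arbitrary File Deletion", []],
    ["extract", "Arbitrary Variable Overwrite", []],
    ["setcookie", "Arbitrary Cookie", []],
    ["chmod", "Arbitrary File Permission", []],
    ["mkdir", "Arbitrary Folder Creation", []],
]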