Vulny-Code-Static-Analysis/indicators.py

117 lines
5.1 KiB
Python

#!/usr/bin/python
# -*- coding: utf-8 -*-
# /!\ Detection Format (.*)function($vuln)(.*) matched by payload[0]+regex_indicators
regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQUEST\[.*?\]|\$_COOKIES\[.*?\]|\$_SESSION\[.*?\]|\$(?!this|e-)[a-zA-Z0-9_]*)(.*?)\)'
# Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
payloads = [
# Remote Command Execution
["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["passthru","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["call_user_func","Remote Code Execution",[]],
["call_user_func_array","Remote Code Execution",[]],
["preg_replace","Remote Command Execution",["preg_quote"]],
["ereg_replace","Remote Command Execution",["preg_quote"]],
["eregi_replace","Remote Command Execution",["preg_quote"]],
["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
["mb_eregi_replace","Remote Command Execution",["preg_quote"]],
# File Inclusion / Path Traversal
["virtual","File Inclusion",[]],
["include","File Inclusion",[]],
["require","File Inclusion",[]],
["include_once","File Inclusion",[]],
["require_once","File Inclusion",[]],
["readfile","File Inclusion / Path Traversal",[]],
["file_get_contents","File Inclusion / Path Traversal",[]],
["show_source","File Inclusion / Path Traversal",[]],
["fopen","File Inclusion / Path Traversal",[]],
["file","File Inclusion / Path Traversal",[]],
["fpassthru","File Inclusion / Path Traversal",[]],
["gzopen","File Inclusion / Path Traversal",[]],
["gzfile","File Inclusion / Path Traversal",[]],
["gzpassthru","File Inclusion / Path Traversal",[]],
["readgzfile","File Inclusion / Path Traversal",[]],
# MySQL(i) SQL Injection
["mysql_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
# PostgreSQL Injection
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
# SQLite SQL Injection
["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
["sqlite_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
# PDO SQL Injection
["->arrayQuery","SQL Injection",["->prepare"]],
["->query","SQL Injection",["->prepare"]],
["->queryExec","SQL Injection",["->prepare"]],
["->singleQuery","SQL Injection",["->prepare"]],
["->querySingle","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]],
["->unbufferedQuery","SQL Injection",["->prepare"]],
["->real_query","SQL Injection",["->prepare"]],
["->multi_query","SQL Injection",["->prepare"]],
["->send_query","SQL Injection",["->prepare"]],
# Cubrid SQL Injection
["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
# MSSQL SQL Injection : Warning there is not any real_escape_string
["mssql_query","SQL Injection",["mssql_escape"]],
# File Upload
["move_uploaded_file","File Upload",[]],
# Cross Site Scripting
["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
# XPATH and LDAP
["xpath","XPATH Injection",[]],
["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],
# Insecure E-Mail
["mail", "Insecure E-mail",[]],
# PHP Objet Injection
["unserialize", "PHP Object Injection",[]],
# Header Injection
["header","Header Injection",[]],
["HttpMessage::setHeaders","Header Injection",[]],
["HttpRequest::setHeaders","Header Injection",[]],
# URL Redirection
["http_redirect","URL Redirection",[]],
["HttpMessage::setResponseCode","URL Redirection",[]],
]