scanner/test.php

<?php
require_once( 'parser.php' );

$filters = array(
	array(
		'type' => PHPPARSER_EXPRESSION,
		'desc' => 'Echoing Sql',
		'pattern' => '/echo[\(\s].*?\$sql/i'
	),
	array(
		'type' => PHPPARSER_LANGUAGE_CONSTRUCT,
		'desc' => 'Evil Eval',
		'pattern' => '/^eval$/i'
	),
	array(
		'type' => PHPPARSER_FUNCTION_CALL,
		'desc' => 'PRINT_R or VAR_DUMP',
		'pattern' => '/^(print_r|var_dump)$/i'
	),
	array(
		'type' => PHPPARSER_EXPRESSION,
		'desc' => 'Developer Email',
		'pattern' => '/(?<!dev|qa)@payquik\.com/'
	),
);
$foo = 'bar';
$_FILTERS = $filters;

// Undefined variable, skipped until the global scope can be scanned properly.
echo $undefined;

function test( $object, $foo = false ) {
	global $foo, $filters;
	// Trigger undefined variable via non-referenced global variable.
	$filters = $_FILTERS;
	// Superglobal
	echo $_GET['stuff'];

	$bar = array();
	$bar[$baz] = 'nutter'; // $baz should be undefined here
	$zzz[$foo] = 'ok'; // $zzz should be defined here
	
	foreach( $filters as $key => $filter ) {
		if( $object['type'] == $filter['type'] ) {
			if( preg_match( $filter['pattern'], $object['name'] ) > 0 ) {
				echo "fn: Triggered Filter '{$filter['desc']}' at line {$object['line']}\n";
			}
		}
	}
}

$parser = new PHPParser( PHPPARSER_FETCH_EXPRESSIONS | PHPPARSER_FETCH_CALLS | PHPPARSER_FETCH_INTERNAL | PHPPARSER_FETCH_CONSTRUCTS );
$parser->registerCallback( 'test' );
$parser->parseFile( __FILE__ );

$sql = "select * from failure";
echo "Here's the $sql!\n";
mail( 'correl@payquik.com', 'subject', 'stuffs' );
eval( "echo \"here's eval!\n\";" );
print_r( $sql );
var_dump( $sql );
echo "done\n";
}}}

/* OUTPUT:

Triggered Filter 'Echoing Sql' at line 42
Triggered Filter 'Developer Email' at line 43
Triggered Filter 'Evil Eval' at line 44
Triggered Filter 'PRINT_R or VAR_DUMP' at line 45
Triggered Filter 'PRINT_R or VAR_DUMP' at line 46

*/

?>
Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00			`<?php`
			`require_once( 'parser.php' );`

			`$filters = array(`
			`array(`
			`'type' => PHPPARSER_EXPRESSION,`
			`'desc' => 'Echoing Sql',`
			`'pattern' => '/echo[\(\s].*?\$sql/i'`
			`),`
			`array(`
			`'type' => PHPPARSER_LANGUAGE_CONSTRUCT,`
			`'desc' => 'Evil Eval',`
			`'pattern' => '/^eval$/i'`
			`),`
			`array(`
			`'type' => PHPPARSER_FUNCTION_CALL,`
			`'desc' => 'PRINT_R or VAR_DUMP',`
			`'pattern' => '/^(print_r\|var_dump)$/i'`
			`),`
			`array(`
			`'type' => PHPPARSER_EXPRESSION,`
			`'desc' => 'Developer Email',`
			`'pattern' => '/(?<!dev\|qa)@payquik\.com/'`
			`),`
			`);`
Parser modified to return inline html, variables and variable assignment. Included some phpunit tests. Assignment fetching is good, but not perfect (doesn't handle array index assignment or nested expressions yet, see tests for more information). Therefore, the variable scan is not enabled by default yet. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@19 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-05-22 20:05:53 +00:00			`$foo = 'bar';`
			`$_FILTERS = $filters;`
Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00
Parser modified to return inline html, variables and variable assignment. Included some phpunit tests. Assignment fetching is good, but not perfect (doesn't handle array index assignment or nested expressions yet, see tests for more information). Therefore, the variable scan is not enabled by default yet. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@19 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-05-22 20:05:53 +00:00			`// Undefined variable, skipped until the global scope can be scanned properly.`
			`echo $undefined;`

			`function test( $object, $foo = false ) {`
			`global $foo, $filters;`
			`// Trigger undefined variable via non-referenced global variable.`
			`$filters = $_FILTERS;`
			`// Superglobal`
			`echo $_GET['stuff'];`

			`$bar = array();`
			`$bar[$baz] = 'nutter'; // $baz should be undefined here`
			`$zzz[$foo] = 'ok'; // $zzz should be defined here`
Created the scanner app, along with two simple modules. The parser is now event driven... use of the parsed_objects array is now deprecated and will be removed once the old function call report that relies on it is replaced. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@2 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-02-13 22:39:27 +00:00
Parser modified to return inline html, variables and variable assignment. Included some phpunit tests. Assignment fetching is good, but not perfect (doesn't handle array index assignment or nested expressions yet, see tests for more information). Therefore, the variable scan is not enabled by default yet. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@19 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-05-22 20:05:53 +00:00			`foreach( $filters as $key => $filter ) {`
Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00			`if( $object['type'] == $filter['type'] ) {`
			`if( preg_match( $filter['pattern'], $object['name'] ) > 0 ) {`
Created the scanner app, along with two simple modules. The parser is now event driven... use of the parsed_objects array is now deprecated and will be removed once the old function call report that relies on it is replaced. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@2 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-02-13 22:39:27 +00:00			`echo "fn: Triggered Filter '{$filter['desc']}' at line {$object['line']}\n";`
Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00			`}`
			`}`
			`}`
			`}`

Created the scanner app, along with two simple modules. The parser is now event driven... use of the parsed_objects array is now deprecated and will be removed once the old function call report that relies on it is replaced. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@2 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-02-13 22:39:27 +00:00			`$parser = new PHPParser( PHPPARSER_FETCH_EXPRESSIONS \| PHPPARSER_FETCH_CALLS \| PHPPARSER_FETCH_INTERNAL \| PHPPARSER_FETCH_CONSTRUCTS );`
			`$parser->registerCallback( 'test' );`
			`$parser->parseFile( __FILE__ );`

Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00			`$sql = "select * from failure";`
			`echo "Here's the $sql!\n";`
			`mail( 'correl@payquik.com', 'subject', 'stuffs' );`
			`eval( "echo \"here's eval!\n\";" );`
			`print_r( $sql );`
			`var_dump( $sql );`
			`echo "done\n";`
Created the scanner app, along with two simple modules. The parser is now event driven... use of the parsed_objects array is now deprecated and will be removed once the old function call report that relies on it is replaced. Mantis: 2691 git-svn-id: file:///srv/svn/scanner/trunk@2 a0501263-5b7a-4423-a8ba-1edf086583e7 2008-02-13 22:39:27 +00:00			`}}}`
Importing code scanner git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7 2007-12-20 04:49:58 +00:00
			`/* OUTPUT:`

			`Triggered Filter 'Echoing Sql' at line 42`
			`Triggered Filter 'Developer Email' at line 43`
			`Triggered Filter 'Evil Eval' at line 44`
			`Triggered Filter 'PRINT_R or VAR_DUMP' at line 45`
			`Triggered Filter 'PRINT_R or VAR_DUMP' at line 46`

			`*/`

			`?>`