scanner/test.php
Correl Roush 4244ed6d8b Importing code scanner
git-svn-id: file:///srv/svn/scanner/trunk@1 a0501263-5b7a-4423-a8ba-1edf086583e7
2007-12-20 04:49:58 +00:00


<?php
/*
 * Self-test for the PHPParser code scanner (parser.php).
 *
 * The script parses this very file (__FILE__) and checks every object the
 * parser returned against the filters below, printing one line per hit.
 * The statements after the scan loop are deliberate fixtures, one per rule,
 * and the comment at the end of the file lists the expected report.
 *
 * NOTE: this test really executes its eval fixture and really calls mail();
 * with a mail transport configured, a message goes to the hard-coded address.
 */
require_once( 'parser.php' ); // relative path: found via include_path / cwd, not relative to __FILE__
/*
 * Detection rules. 'type' is the PHPPARSER_* object kind (defined in
 * parser.php) a rule applies to; 'pattern' is a PCRE run against the
 * parsed object's 'name'.
 */
$filters = array(
array(
'type' => PHPPARSER_EXPRESSION,
'desc' => 'Echoing Sql',
'pattern' => '/echo[\(\s].*?\$sql/i'
),
array(
'type' => PHPPARSER_LANGUAGE_CONSTRUCT,
'desc' => 'Evil Eval',
'pattern' => '/^eval$/i'
),
array(
'type' => PHPPARSER_FUNCTION_CALL,
'desc' => 'PRINT_R or VAR_DUMP',
'pattern' => '/^(print_r|var_dump)$/i'
),
array(
'type' => PHPPARSER_EXPRESSION,
'desc' => 'Developer Email',
'pattern' => '/(?<!dev|qa)@payquik\.com/'
),
);
// Fetch every object kind the rules above refer to.
$parser = new PHPParser( PHPPARSER_FETCH_EXPRESSIONS | PHPPARSER_FETCH_CALLS | PHPPARSER_FETCH_INTERNAL | PHPPARSER_FETCH_CONSTRUCTS );
$parser->parseFile( __FILE__ ); // scans this file; the call's result is not checked
// Report each parsed object whose kind matches a rule and whose name matches that rule's pattern.
foreach( $parser->parsed_objects as $object ) {
foreach( $filters as $filter ) {
if( $object['type'] == $filter['type'] ) { // loose ==; presumably the PHPPARSER_* kinds are plain ints -- verify in parser.php
if( preg_match( $filter['pattern'], $object['name'] ) > 0 ) { // preg_match() returns false on a bad pattern, which ends up counted as "no match"
echo "Triggered Filter '{$filter['desc']}' at line {$object['line']}\n";
}
}
}
}
// Fixtures: the next five statements are each expected to trigger one rule.
$sql = "select * from failure";
echo "Here's the $sql!\n";
mail( 'correl@payquik.com', 'subject', 'stuffs' );
eval( "echo \"here's eval!\n\";" );
print_r( $sql );
var_dump( $sql );
echo "done\n";
/* OUTPUT (the line numbers are the fixture statements' physical positions in
this file, so they shift whenever lines are inserted above them):
Triggered Filter 'Echoing Sql' at line 56
Triggered Filter 'Developer Email' at line 57
Triggered Filter 'Evil Eval' at line 58
Triggered Filter 'PRINT_R or VAR_DUMP' at line 59
Triggered Filter 'PRINT_R or VAR_DUMP' at line 60
*/
?>