-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can I find a function have arguments, which assigning from any user-supply #39
Comments
This type of checks is better handled by more sophisticated tools that understand the data flow. That being said, I think you can do something like this:
The pattern above:
Problems:
So, when (1) is fixed, it can find $input = $_GET["src"];
$unrelated = $foo['blah'];
function f() {
}
f();
echo file_get_contents($input); // <- matched
echo file_get_contents($unrelated); But it will not find anything here: $input = $_GET["src"];
if ($whatever) {
echo file_get_contents($input);
} Maybe we can figure out what syntax/CLI options would be used to achieve that, but I still think that this is a task for things similar to CodeQL (although I don't think it supports PHP). |
What is pattern for detect the code? |
How to build a rule match with above situation?
The text was updated successfully, but these errors were encountered: