
Commit 55cfc6b

committed
fix #64 globals variable state
1 parent 4b8ae90 commit 55cfc6b


7 files changed

+161
-98
lines changed


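--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ projects/phar/composer.lock
 vendor/
 composer.lock
 indent.sh
+.DS_Store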

package/src/progpilot/Analysis/VisitorAnalysis.php

Lines changed: 126 additions & 95 deletions
Large diffs are not rendered by default.

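--- a/package/src/progpilot/Helpers/State.php
+++ b/package/src/progpilot/Helpers/State.php
@@ -154,8 +154,12 @@ public static function mergeDefsBlockIdStates($defs, $concatValues, $block)
 
 foreach ($defs as $def) {
 if ($def->isType(MyDefinition::TYPE_ARRAY_ELEMENT)
-|| $def->isType(MyDefinition::TYPE_PROPERTY)) {
+|| $def->isType(MyDefinition::TYPE_PROPERTY)
+|| $def->isType(MyDefinition::TYPE_REFERENCE)) {
 $state = $def->getState($blockId);
+if (is_null($state)) {
+$state = $def->getCurrentState();
+}
 } else {
 $state = $def->getCurrentState();
 }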
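Review bot: The new `is_null($state)` fallback applies to every branch of the condition, so array elements and properties, not only the added `TYPE_REFERENCE` case, now pick up `getCurrentState()` whenever no state exists for `$blockId`, and nothing in the hunk explains why that is sound. For a taint analysis this choice decides which block's taint is merged, so it deserves a comment such as `// no state recorded for this block (e.g. a global written in another function): fall back to the definition's current state`. The three added lines can also be written as `$state = $def->getState($blockId) ?? $def->getCurrentState();`, assuming `getState()` signals absence with null as the check implies. The body of mergeDefsBlockIdStates starts and ends outside the hunk, so whether a null from `getCurrentState()` is handled later is not visible here.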

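--- a/projects/tests/foldertest.php
+++ b/projects/tests/foldertest.php
@@ -43,6 +43,7 @@
 ],
 [
 "./tests/real/incallstack/",
-[["\$rtrim_return", "77", "xss"]]
+[["\$rtrim_return", "77", "xss"],
+["\$localfile", "610", "path_traversal"]]
 ]
 ];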

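--- a/projects/tests/generictest.php
+++ b/projects/tests/generictest.php
@@ -334,6 +334,12 @@
 [["\$_POST[\"form_id\"]", "6", "sql_injection"]]
 ],
 
+[
+"./tests/generic/global5.php",
+[["\$query", "8", "sql_injection"],
+["\$row[1]", "17", "xss"]]
+],
+
 [
 "./tests/generic/namespace1.php",
 [["\$_GET[\"p\"]", "9", "xss"]]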

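--- a/projects/tests/phpwandertest.php
+++ b/projects/tests/phpwandertest.php
@@ -68,7 +68,7 @@
 ],// a corriger
 [
 "./tests/phpwander/test13.php",
-[]
+[["\$value", "11", "xss"]]
 ],
 [
 "./tests/phpwander/test14.php",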
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
<?php
2+
$tainted = 'Constant';
3+
4+
function test() {
5+
$GLOBALS['tainted'] = $_POST["tainted"];
6+
$db = mysqli_connect("127.0.0.1", "root", "123456");
7+
mysqli_select_db($db, "testcasesqli");
8+
$query = "select * from users where id=".$GLOBALS["tainted"];
9+
$result = mysqli_query($db, $query);
10+
if ($result == false) {
11+
exit("Database error !<br />");
12+
}
13+
$row = mysqli_fetch_array($result);
14+
if ($row == null) {
15+
exit("Error ID or password.<br />");
16+
}
17+
print("Login successfully!<br />welcome,".$row[1]."<br />");
18+
}
19+
20+
test();
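Review bot: This new fixture has no marker that it is intentionally vulnerable or which findings it is meant to produce; it reads request input into `$GLOBALS['tainted']`, concatenates it into `$query` on line 8 and prints `$row[1]` unescaped on line 17. It appears to be the `./tests/generic/global5.php` case added in generictest.php, whose expectations are keyed by those line numbers, so a header comment would shift them. I would append the note after `test();` instead, e.g. `// progpilot fixture, intentionally vulnerable: expects sql_injection on $query (line 8) and xss on $row[1] (line 17)`, so scanners and readers do not mistake it for application code.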
