Example #1
0
<?php

/**
----------------------------------------------------------------------+
* @desc 	Issue 2
* @flag		I2	L14
* @flag		I2	L27
* @score	10.00
----------------------------------------------------------------------+
*/
defined('SYSPATH') or die('No direct script access.');
echo "Reachable";
file_exists('somefile') || exit;
echo "Reachable";
some_random_function() or die;
echo "Reachable";
some_random_function() or die;
file_exists('somefile') || die;
<?php

function some_random_function()
{
}
// Verify sniff doesn't flag this line
some_random_function();
// Verify sniff doesn't flag this line
ini_set('display_errors', 1);
// Verify sniff doesn't flag this ini directive
ini_set('allow_url_include', 1);
$test = ini_get('allow_url_include');
ini_set("allow_url_include", 1);
ini_set('pcre.backtrack_limit', 1);
$test = ini_get('pcre.backtrack_limit');
ini_set('pcre.recursion_limit', 1);
$test = ini_get('pcre.recursion_limit');
ini_set('session.cookie_httponly', 1);
$test = ini_get('session.cookie_httponly');
ini_set('max_input_nesting_level', 1);
$test = ini_get('max_input_nesting_level');
ini_set('user_ini.filename', 1);
$test = ini_get('user_ini.filename');
ini_set('user_ini.cache_ttl', 1);
$test = ini_get('user_ini.cache_ttl');
ini_set('exit_on_timeout', 1);
$test = ini_get('exit_on_timeout');
ini_set('mbstring.http_output_conv_mimetype', 1);
$test = ini_get('mbstring.http_output_conv_mimetype');
ini_set('request_order', 1);
$test = ini_get('request_order');