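/**
  * Processes the tokens that this sniff is interested in.
  *
  * Whole-file check for Drupal 7 core advisories: runs once per file (first
  * token only), only for includes/bootstrap.inc, reads the minor version out
  * of the literal following the 'VERSION' constant and reports every entry
  * of Utils::$CoreAdvisories whose key is greater than that minor version.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     // Whole-file check: do the work only once, on the first token.
     if ($stackPtr > 0) {
         return;
     }
     $fileName = $phpcsFile->getFileName();
     if (!preg_match('/includes\\/bootstrap\\.inc$/', $fileName)) {
         return;
     }
     $utils = Security_Sniffs_UtilsFactory::getInstance('Drupal7');
     $tokens = $phpcsFile->getTokens();
     if ($tokens[$stackPtr]['content'] !== "'VERSION'") {
         return;
     }
     // The version literal is the next constant string after 'VERSION'.
     // findNext() returns false when there is none; the old code indexed
     // $tokens with that false.
     $s = $phpcsFile->findNext(T_CONSTANT_ENCAPSED_STRING, $stackPtr + 1);
     if ($s === false || !preg_match('/(\\d+)\\.(\\d+)/', $tokens[$s]['content'], $m)) {
         // This is not the right Drupal file?
         return;
     }
     // Check if it's the right Drupal version (only the 7.x table is loaded).
     if ((int) $m[1] !== 7) {
         return;
     }
     // Kept as the captured string so the message text is unchanged.
     $minorversion = $m[2];
     foreach ($utils::$CoreAdvisories as $key => $value) {
         // Advisories keyed above the installed minor version are reported.
         if ((int) $minorversion < $key) {
             // TODO clean the error and maybe the variable in Utils.. make a loop for fetch all bugs and addErrors?
             $phpcsFile->addError("FOUND core out of date {$minorversion} {$key}, " . $value[0][0] . " cves: " . $value[0][1], $stackPtr, 'D7AdvCore');
         }
     }
 }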
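 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on a token whose content contains '<' or '>' (HTML built by hand)
  * and walks the rest of the statement, stopping at each token that is not
  * whitespace/comment or a concatenation operator: a value that is direct
  * user input is an error; in ParanoiaMode any other dynamic piece that is
  * not a known XSS mitigation function is a warning. The walk stops early
  * when it reaches a token type this same sniff is registered for, since
  * that token will get its own process() call.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $tokens = $phpcsFile->getTokens();
     if (!preg_match('/<|>/', $tokens[$stackPtr]['content'])) {
         return;
     }
     // The statement ends at the next semicolon; without one there is nothing to walk.
     $end = $phpcsFile->findNext(T_SEMICOLON, $stackPtr + 1);
     if ($end === false) {
         return;
     }
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     // Loop-invariant lookups, hoisted: the old code re-called register() on every token.
     $registered = $this->register();
     $mitigations = $utils::getXSSMitigationFunctions();
     $skipTokens = array_merge(array(T_STRING_CONCAT), PHP_CodeSniffer_Tokens::$emptyTokens);
     $harmlessTokens = array_merge(array(T_INLINE_ELSE, T_COMMA), PHP_CodeSniffer_Tokens::$booleanOperators);
     $paranoia = PHP_CodeSniffer::getConfigData('ParanoiaMode');

     $next = $stackPtr;
     while ($next !== false && ($next = $phpcsFile->findNext($skipTokens, $next + 1, $end, true)) !== false) {
         // Next token will be checked with this sniff, no need to go further
         if (in_array($tokens[$next]['code'], $registered)) {
             return;
         }
         if (!in_array($tokens[$next]['content'], $mitigations)) {
             if ($utils::is_direct_user_input($tokens[$next]['content'])) {
                 $phpcsFile->addError('HTML construction with direct user input ' . $tokens[$next]['content'] . ' detected.', $stackPtr, 'D7XSSHTMLConstructErr');
             } elseif ($paranoia && !in_array($tokens[$next]['code'], $harmlessTokens)) {
                 if ($tokens[$next]['code'] === T_CLOSE_PARENTHESIS) {
                     // Landed on the end of a call: report the called function's name instead.
                     $f = $phpcsFile->findPrevious(T_STRING, $next);
                     if ($f !== false) {
                         $phpcsFile->addWarning('HTML construction with ' . $tokens[$f]['content'] . '() detected.', $stackPtr, 'D7XSSHTMLConstructWarnF');
                     }
                 } else {
                     $phpcsFile->addWarning('HTML construction with ' . $tokens[$next]['content'] . ' detected.', $stackPtr, 'D7XSSHTMLConstructWarn');
                 }
             }
         }
         // Jump to the next concatenation operator; the loop condition then steps past it.
         $next = $phpcsFile->findNext(T_STRING_CONCAT, $next + 1, $end);
     }
 }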
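 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on a '#value' / "#value" string literal (Drupal form API) and looks
  * at the first non-bracket, non-assignment token that follows within the
  * statement: direct user input is an error; in ParanoiaMode anything else
  * is a warning, pointed at the first variable inside a mitigation call when
  * the value is wrapped in one. A bare `$x = $element['#value'];` read is
  * warned about on the assigned variable.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     $content = $tokens[$stackPtr]['content'];
     if ($content !== "'#value'" && $content !== '"#value"') {
         return;
     }
     // Statement terminator; without one the old `$closer + 1` bound was meaningless.
     $closer = $phpcsFile->findNext(T_SEMICOLON, $stackPtr);
     if ($closer === false) {
         return;
     }
     $skipTokens = array_merge(PHP_CodeSniffer_Tokens::$bracketTokens, PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$assignmentTokens);
     $next = $phpcsFile->findNext($skipTokens, $stackPtr + 1, $closer + 1, true);
     if ($next === $closer) {
         // Case of $label = $element['#value']; -- walk back to the assigned variable.
         $assign = $phpcsFile->findPrevious(PHP_CodeSniffer_Tokens::$assignmentTokens, $next);
         $var = ($assign === false) ? false : $phpcsFile->findPrevious(T_VARIABLE, $assign);
         if ($var !== false) {
             $phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$var]['content'], $var, 'D7XSSWarFormValue');
         }
         return;
     }
     if ($next === false) {
         return;
     }
     if ($utils::is_token_user_input($tokens[$next])) {
         $phpcsFile->addError('XSS found with #value on ' . $tokens[$next]['content'], $next, 'D7XSSErrFormValue');
     } elseif (PHP_CodeSniffer::getConfigData('ParanoiaMode')) {
         if (in_array($tokens[$next]['content'], $utils::getXSSMitigationFunctions())) {
             // Value is wrapped in a mitigation call: warn on the first variable passed to it, if any.
             $n = $phpcsFile->findNext($utils::getVariableTokens(), $next + 1, $closer);
             if ($n !== false) {
                 $phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$n]['content'], $n, 'D7XSSWarFormValue');
             }
         } else {
             $phpcsFile->addWarning('Potential XSS found with #value on ' . $tokens[$next]['content'], $next, 'D7XSSWarFormValue');
         }
     }
 }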
 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on the name of a filesystem function (Utils::getFilesystemFunctions)
  * and inspects its first non-static argument: direct user input is an error,
  * any other dynamic value a warning. symlink() always gets an extra warning,
  * and a name that is not followed by a call is only reported in ParanoiaMode.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     $funcName = $tokens[$stackPtr]['content'];
     if (!in_array($funcName, $utils::getFilesystemFunctions())) {
         return;
     }
     if ($funcName == 'symlink') {
         $phpcsFile->addWarning('Allowing symlink() while open_basedir is used is actually a security risk. Disabled by default in Suhosin >= 0.9.6', $stackPtr, 'WarnSymlink');
     }
     // Opening parenthesis of the call, searched within the current statement only.
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     if (!$opener) {
         // No opener found, so it's probably not a function call
         if (PHP_CodeSniffer::getConfigData('ParanoiaMode')) {
             $phpcsFile->addWarning('Filesystem function ' . $funcName . ' used but not as a function', $stackPtr, 'WarnWeirdFilesystem');
         }
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     // First argument token that is not whitespace/comment, bracket or a static value.
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens);
     $param = $phpcsFile->findNext($ignore, $stackPtr + 1, $closer, true);
     if (!$param) {
         return;
     }
     $msg = 'Filesystem function ' . $funcName . '() detected with dynamic parameter';
     if ($utils::is_token_user_input($tokens[$param])) {
         $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrFilesystem');
         return;
     }
     $phpcsFile->addWarning($msg, $stackPtr, 'WarnFilesystem');
 }
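 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on the name of a function that accepts a callback
  * (Utils::getCallbackFunctions) and inspects the first dynamic argument
  * (for array_filter(), the part after the first comma, since the callback
  * is its optional second argument): direct user input is an error, any
  * other dynamic value a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $tokens = $phpcsFile->getTokens();
     $utils = Security_Sniffs_UtilsFactory::getInstance($this->CmsFramework);
     $funcName = $tokens[$stackPtr]['content'];
     if (!in_array($funcName, $utils::getCallbackFunctions())) {
         return;
     }
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     if ($opener === false || !isset($tokens[$opener]['parenthesis_closer'])) {
         // Not a call: there is no argument list to inspect. The unguarded
         // lookup used to fall through with a null bound and scan to end of file.
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     $s = $stackPtr + 1;
     if ($funcName == 'array_filter') {
         // Case of array_filter() with only one argument
         $s = $phpcsFile->findNext(T_COMMA, $s, $closer);
         if ($s === false) {
             return;
         }
     }
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens, array(T_STRING_CONCAT));
     $s = $phpcsFile->findNext($ignore, $s, $closer, true);
     if ($s === false) {
         return;
     }
     $msg = 'Function ' . $funcName . '() that supports callback detected';
     if ($utils::is_token_user_input($tokens[$s])) {
         $phpcsFile->addError($msg . ' with parameter directly from user input', $stackPtr, 'ErrFringestuff');
     } else {
         $phpcsFile->addWarning($msg, $stackPtr, 'WarnFringestuff');
     }
 }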
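 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on preg_replace and classifies its pattern argument: a literal
  * pattern delimited by '/' is scanned for the /e modifier (warning, and an
  * error when the replacement argument is direct user input); a literal
  * with another delimiter is flagged for manual review; a user-input
  * variable is an error; anything else dynamic is a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     if ($tokens[$stackPtr]['content'] !== 'preg_replace') {
         return;
     }
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr);
     if ($opener === false || !isset($tokens[$opener]['parenthesis_closer'])) {
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     // First argument: the pattern.
     $s = $phpcsFile->findNext(PHP_CodeSniffer_Tokens::$emptyTokens, $opener + 1, $closer, true);
     if ($s === false) {
         // preg_replace() with no arguments at all: nothing to inspect.
         return;
     }
     if ($tokens[$s]['code'] == T_CONSTANT_ENCAPSED_STRING) {
         // Token content still carries its surrounding quotes.
         $pattern = $tokens[$s]['content'];
         if (substr($pattern, 1, 1) !== '/') {
             $phpcsFile->addWarning("Weird usage of preg_replace, please check manually for /e modifier.", $stackPtr, 'PregReplaceWeird');
             return;
         }
         // $pattern is a regex: look for an 'e' among the modifiers after the closing
         // delimiter. The literal may be single- or double-quoted; the old expression
         // only accepted a closing '"', so '/x/e' in single quotes went unreported.
         if (preg_match('/(\\/|\\))\\w*e\\w*["\']$/', $pattern)) {
             $phpcsFile->addWarning("Usage of preg_replace with /e modifier is not recommended.", $stackPtr, 'PregReplaceE');
             // Second argument: the replacement, which /e evaluates as PHP code.
             $r = $phpcsFile->findNext(array(T_COMMA, T_WHITESPACE, T_COMMENT, T_DOC_COMMENT), $s + 1, $closer, true);
             if ($r !== false && $utils::is_token_user_input($tokens[$r])) {
                 $phpcsFile->addError("User input and /e modifier found in preg_replace, remote code execution possible.", $stackPtr, 'PregReplaceUserInputE');
             }
         }
         return;
     }
     if ($tokens[$s]['code'] == T_VARIABLE && $utils::is_token_user_input($tokens[$s])) {
         $phpcsFile->addError("User input found in preg_replace, /e modifier could be used for malicious intent.", $stackPtr, 'PregReplaceUserInput');
     } else {
         $phpcsFile->addWarning("Dynamic usage of preg_replace, please check manually for /e modifier or user input.", $stackPtr, 'PregReplaceDyn');
     }
 }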
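 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Walks the output expression starting at $stackPtr (bounded by the
  * closing tag for `<?=`, by the matching parenthesis when the expression
  * is parenthesised, otherwise by the next semicolon/closing tag). Every
  * token that is not whitespace, bracket or static value is inspected:
  * direct user input is an error; a known XSS mitigation call is skipped
  * over; otherwise, in paranoia mode, the first such token is remembered
  * and reported once as a warning. forceParanoia, when not negative,
  * overrides the global ParanoiaMode setting.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     if ($this->forceParanoia >= 0) {
         $parano = $this->forceParanoia ? 1 : 0;
     } else {
         $parano = PHP_CodeSniffer::getConfigData('ParanoiaMode') ? 1 : 0;
     }
     $tokens = $phpcsFile->getTokens();
     $s = $phpcsFile->findNext(PHP_CodeSniffer_Tokens::$emptyTokens, $stackPtr, null, true, null, true);
     if ($tokens[$stackPtr]['code'] == T_OPEN_TAG_WITH_ECHO) {
         $closer = $phpcsFile->findNext(T_CLOSE_TAG, $stackPtr);
     } elseif ($s !== false && $tokens[$s]['code'] == T_OPEN_PARENTHESIS) {
         $closer = $tokens[$s]['parenthesis_closer'];
     } else {
         $closer = $phpcsFile->findNext(array(T_SEMICOLON, T_CLOSE_TAG), $stackPtr);
         $s = $stackPtr;
     }
     if ($closer === false) {
         // No end of statement found: nothing can be bounded, so nothing is checked.
         return;
     }
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens);
     $warn = false;
     // `!== false` rather than truthiness: a `<?=` at stack position 0 must still be walked.
     while ($s !== false) {
         $s = $phpcsFile->findNext($ignore, $s + 1, $closer, true);
         if ($s === false) {
             break;
         }
         if ($utils::is_token_user_input($tokens[$s])) {
             $phpcsFile->addError('Easy XSS detected because of direct user input with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'EasyXSSerr');
         } elseif ($utils::is_XSS_mitigation($tokens[$s]['content'])) {
             // Skip the mitigation call's argument list. The old code read
             // $tokens[$s + 1]['parenthesis_closer'] directly, which is undefined
             // when whitespace separates the name from '(' and silently ended the walk.
             $open = $phpcsFile->findNext(PHP_CodeSniffer_Tokens::$emptyTokens, $s + 1, $closer, true);
             if ($open !== false && $tokens[$open]['code'] == T_OPEN_PARENTHESIS && isset($tokens[$open]['parenthesis_closer'])) {
                 $s = $tokens[$open]['parenthesis_closer'];
             }
         } elseif ($parano && !$warn) {
             // Only the first dynamic piece is reported, once, after the walk.
             $warn = $s;
         }
     }
     if ($warn) {
         $phpcsFile->addWarning('Possible XSS detected with ' . $tokens[$warn]['content'] . ' on ' . $tokens[$stackPtr]['content'], $warn, 'EasyXSSwarn');
     }
 }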
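 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Whole-file check of a Drupal 7 module's .info file against
  * Utils::$ContribAdvisories. Runs once per file (first token only). The
  * first advisory entry may mark the project 'abandoned' or 'unsupported'
  * (error, stop). Otherwise, for a "7.x-<release>" versioned module, each
  * advisory's fixed release is compared numerically with the installed
  * release: a fix less than one release ahead is an error, one or more
  * releases ahead a warning, and an advisory covering a whole "N.x" branch
  * an error. dev/rc/alpha/beta tagged fixes get an extra manual-check warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     // Whole-file check: do the work only once, on the first token.
     if ($stackPtr > 0) {
         return;
     }
     $dversion = '7';
     $fileName = $phpcsFile->getFileName();
     if (!preg_match('/\\.info$/', $fileName)) {
         return;
     }
     $utils = Security_Sniffs_UtilsFactory::getInstance('Drupal7');
     $raw = file_get_contents($fileName);
     if ($raw === false) {
         // Unreadable .info file: nothing to parse.
         return;
     }
     $info = $utils->drupal_parse_info_format($raw);
     if (!is_array($info) || count($info) === 0 || !array_key_exists('project', $info)) {
         return;
     }
     $project = $info['project'];
     if (!array_key_exists($project, $utils::$ContribAdvisories)) {
         return;
     }
     $advisories = $utils::$ContribAdvisories[$project];
     if ($advisories[0][0] == 'abandoned') {
         $phpcsFile->addError("Module " . $project . " is abandoned due to a security issue the maintainer never fixed. Details: " . $advisories[0][1], $stackPtr, 'D7ErrAdvisoriesContribAbandonned');
         return;
     }
     if ($advisories[0][0] == 'unsupported') {
         $phpcsFile->addError("Module " . $project . " is unsupported due to unfixed security issue. The Drupal Security Team recommends that this module be uninstalled immediately Details: " . $advisories[0][1], $stackPtr, 'D7ErrAdvisoriesContribUnsupported');
         return;
     }
     if (!array_key_exists('core', $info) || !array_key_exists('version', $info)) {
         $phpcsFile->addWarning("Module " . $project . " is listed in advisories but file doesn't provide version information. Please use packages from drupal.org", $stackPtr, 'D7WarnAdvisoriesContribNoInfo');
         return;
     }
     // Only Drupal 7 packages are covered by the advisory table.
     if (strpos($info['core'], $dversion) !== 0) {
         return;
     }
     // "7.x-1.5" -> release "1.5". Parsed once (it was re-split on every iteration)
     // and guarded: a version without '-' used to produce an undefined-offset
     // notice and a release of 0, which made every advisory look a major version ahead.
     $versionParts = explode('-', $info['version']);
     if (count($versionParts) < 2) {
         $phpcsFile->addWarning("Module " . $project . " is listed in advisories but file doesn't provide version information. Please use packages from drupal.org", $stackPtr, 'D7WarnAdvisoriesContribNoInfo');
         return;
     }
     $mversion = (double) $versionParts[1];
     foreach ($advisories as $vcve) {
         $cveParts = explode('-', $vcve[0]);
         if (count($cveParts) < 2) {
             // Malformed advisory entry: skip rather than compare against nothing.
             continue;
         }
         list($coreTag, $CVEversion) = $cveParts;
         if ($coreTag != $info['core']) {
             // Reported through phpcs instead of echo: stdout output corrupts
             // machine-readable report formats. New sniff code, named after its siblings.
             $phpcsFile->addWarning("WARNING Drupal core version inconsistence!!", $stackPtr, 'D7WarnAdvisoriesContribCoreMismatch');
         }
         $CVEversion = (double) $CVEversion;
         if (preg_match('/dev/', $vcve[0])) {
             $phpcsFile->addWarning("WARNING module " . $project . " does not have any release for the security fix, manual checking required. Details: " . $vcve[1], $stackPtr, 'D7WarnAdvisoriesContribDev');
         }
         if (preg_match('/rc|alpha|beta/', $vcve[0])) {
             $phpcsFile->addWarning("WARNING module " . $project . " is using special version tagging around the security fix, manual checking recommanded. Details: " . $vcve[1], $stackPtr, 'D7WarnAdvisoriesContribrc');
         }
         // Positive: the fix is newer than what is installed.
         $diff = $CVEversion - $mversion;
         if ($diff > 0 && $diff < 1) {
             $phpcsFile->addError("Module " . $project . " " . $info['version'] . " contains security issue and must be updated to at least {$vcve['0']}. Details: " . $vcve[1], $stackPtr, 'D7ErrAdvisoriesContribFoundMinor');
         } elseif ($diff >= 1) {
             $phpcsFile->addWarning("Module " . $project . " " . $info['version'] . " is out of date a major version and might contains security issue. " . $vcve[1], $stackPtr, 'D7WarnAdvisoriesContribFoundMajor');
         } elseif (preg_match('/x$/', $vcve[0])) {
             // $diff <= 0: installed release is at or past the fix, unless the
             // advisory applies to the whole "N.x" branch.
             $phpcsFile->addError("Module " . $project . " " . $info['version'] . " contains security issue to all {$vcve['0']} versions. " . $vcve[1], $stackPtr, 'D7ErrAdvisoriesContribFoundMajor');
         }
     }
 }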
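 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Flags every phpinfo() call site with a warning; the output discloses
  * configuration, paths and loaded modules.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     // The Utils instance fetched here before was never used; dropped.
     $tokens = $phpcsFile->getTokens();
     if ($tokens[$stackPtr]['content'] === 'phpinfo') {
         $phpcsFile->addWarning('phpinfo() function detected', $stackPtr, 'WarnPhpinfo');
     }
 }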
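 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Tracks mysqli usage in three shapes: `$db = new mysqli(...)` and
  * `$db = mysqli_connect(...)` register $db as a SQL object; `$db->query()`
  * (and prepare/multi_query/real_query) on a registered object and the
  * procedural `mysqli_query()` family are checked for a dynamic query
  * argument -- an error when it is direct user input, a warning otherwise.
  * mysqli_connect() arguments taken directly from user input are an error.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     // http://www.php.net/manual/en/book.mysqli.php
     $mysqlifunctions = array('query', 'prepare', 'multi_query', 'real_query');
     $code = $tokens[$stackPtr]['code'];
     $content = $tokens[$stackPtr]['content'];

     if ($code == T_NEW) {
         // `$db = new mysqli(...)`: remember the assigned variable as a SQL object.
         $s = $phpcsFile->findNext(T_STRING, $stackPtr);
         if ($s !== false && $tokens[$s]['content'] == 'mysqli') {
             $var = $phpcsFile->findPrevious(T_VARIABLE, $stackPtr);
             if ($var !== false) {
                 $utils::addSQLObjects($tokens[$var]['content']);
             }
         }
         return;
     }

     if ($code == T_OBJECT_OPERATOR) {
         $prev = $phpcsFile->findPrevious(T_VARIABLE, $stackPtr);
         if ($prev === false || !in_array($tokens[$prev]['content'], $utils::getSQLObjects())) {
             return;
         }
         $next = $phpcsFile->findNext(T_STRING, $stackPtr);
         if ($next === false || !in_array($tokens[$next]['content'], $mysqlifunctions)) {
             return;
         }
         // findDirtyParam() is treated as returning a falsy value when every argument is static.
         $s = $utils::findDirtyParam($phpcsFile, $next);
         if ($s) {
             $msg = 'MYSQLi function ' . $tokens[$next]['content'] . '() detected with dynamic parameter ';
             if ($utils::is_token_user_input($tokens[$s])) {
                 $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrMysqli');
             } else {
                 $phpcsFile->addWarning($msg, $stackPtr, 'WarnMysqli');
             }
         }
         return;
     }

     if ($code != T_STRING) {
         return;
     }

     if ($content == 'mysqli_connect') {
         $prev = $phpcsFile->findPrevious(T_VARIABLE, $stackPtr);
         if ($prev !== false) {
             $utils::addSQLObjects($tokens[$prev]['content']);
         }
         // Guarded like the other findDirtyParam() use; the old code indexed $tokens with a falsy result.
         $s = $utils::findDirtyParam($phpcsFile, $stackPtr);
         if ($s && $utils::is_token_user_input($tokens[$s])) {
             $phpcsFile->addError('mysqli_connect() param directly from user input', $stackPtr, 'ErrMysqliconnect');
         }
         return;
     }

     $procedural = array_map(function ($v) {
         return 'mysqli_' . $v;
     }, $mysqlifunctions);
     if (!in_array($content, $procedural)) {
         return;
     }
     // The first parameter is always the link
     $p2 = $utils::get_param_tokens($phpcsFile, $stackPtr, 2);
     if (empty($p2)) {
         // No second parameter (or not a call): nothing to inspect.
         return;
     }
     $lastParamToken = end($p2);
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens, array(T_STRING_CONCAT));
     $s = $phpcsFile->findNext($ignore, $p2[0]['stackPtr'], $lastParamToken['stackPtr'] + 1, true);
     if ($s !== false) {
         $msg = 'MYSQLi function ' . $content . '() detected with dynamic parameter ';
         if ($utils::is_token_user_input($tokens[$s])) {
             $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrMysqli' . $content);
         } else {
             $phpcsFile->addWarning($msg, $stackPtr, 'WarnMysqli' . $content);
         }
     }
 }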
 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Paranoia-mode only: warns on every use of an mcrypt_* function or of a
  * function listed by Utils::getCryptoFunctions(), so crypto usage can be
  * reviewed by hand.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     // Run this sniff only in paranoia mode
     if (!PHP_CodeSniffer::getConfigData('ParanoiaMode')) {
         return;
     }
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     $name = $tokens[$stackPtr]['content'];
     // The mcrypt_* family is matched by prefix; everything else comes from the Utils list.
     $isCrypto = preg_match("/^mcrypt_/", $name) || in_array($name, $utils::getCryptoFunctions());
     if (!$isCrypto) {
         return;
     }
     $phpcsFile->addWarning('Crypto function ' . $name . ' used.', $stackPtr, 'WarnCryptoFunc');
 }
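 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Paranoia-mode only: fires on a '#theme' / "#theme" literal (Drupal render
  * array) and warns when the theme is 'html_tag', or when the value assigned
  * to #theme is anything other than a constant string.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     // The Utils instance fetched here before was never used; dropped.
     $tokens = $phpcsFile->getTokens();
     $content = $tokens[$stackPtr]['content'];
     if ($content !== "'#theme'" && $content !== '"#theme"') {
         return;
     }
     // Both reports below were already gated on ParanoiaMode; bail out once instead.
     if (!PHP_CodeSniffer::getConfigData('ParanoiaMode')) {
         return;
     }
     // Next string literal after #theme. Guarded: findNext() returns false when
     // there is none, and the old code indexed $tokens with that false.
     $next = $phpcsFile->findNext(PHP_CodeSniffer_Tokens::$stringTokens, $stackPtr + 1);
     if ($next !== false && ($tokens[$next]['content'] === "'html_tag'" || $tokens[$next]['content'] === '"html_tag"')) {
         // Accepts both quote styles, matching the #theme check above; only '...' was matched before.
         $phpcsFile->addWarning('Potential XSS found with #theme and html_tag', $stackPtr, 'D7XSSWarhtmltag');
         return;
     }
     // First token after #theme that is not a bracket, whitespace/comment or assignment operator.
     $skipTokens = array_merge(PHP_CodeSniffer_Tokens::$bracketTokens, PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$assignmentTokens);
     $value = $phpcsFile->findNext($skipTokens, $stackPtr + 1, null, true);
     if ($value !== false && $tokens[$value]['code'] != T_CONSTANT_ENCAPSED_STRING) {
         $phpcsFile->addWarning('Potential XSS found with #theme on ' . $tokens[$value]['content'], $stackPtr, 'D7XSSWarTheme');
     }
 }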
 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on an opening backtick (shell execution) and looks for a variable
  * before the closing backtick of the same statement: direct user input is
  * an error, any other variable a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     // Closing backtick, searched within the current statement only.
     $closer = $phpcsFile->findNext(T_BACKTICK, $stackPtr + 1, null, false, null, true);
     if (!$closer) {
         return;
     }
     // Any variable between the backticks makes the command dynamic.
     $var = $phpcsFile->findNext(T_VARIABLE, $stackPtr + 1, $closer);
     if (!$var) {
         return;
     }
     $msg = 'System execution with backticks detected with dynamic parameter';
     if ($utils::is_token_user_input($tokens[$var])) {
         $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrSystemExec');
         return;
     }
     $phpcsFile->addWarning($msg, $stackPtr, 'WarnSystemExec');
 }
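 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on the name of a function-handling function
  * (Utils::getFunctionhandlingFunctions, e.g. the call_user_func family)
  * and inspects the first dynamic argument of the call: direct user input
  * is an error, any other dynamic value a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance($this->CmsFramework);
     $tokens = $phpcsFile->getTokens();
     $funcName = $tokens[$stackPtr]['content'];
     if (!in_array($funcName, $utils::getFunctionhandlingFunctions())) {
         return;
     }
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     if ($opener === false || !isset($tokens[$opener]['parenthesis_closer'])) {
         // Not a call: there is no argument list to inspect. The unguarded
         // lookup used to fall through with a null bound and scan to end of file.
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens, array(T_STRING_CONCAT));
     $s = $phpcsFile->findNext($ignore, $stackPtr + 1, $closer, true);
     if ($s === false) {
         return;
     }
     $msg = 'Function handling function ' . $funcName . '() detected with dynamic parameter';
     if ($utils::is_token_user_input($tokens[$s])) {
         $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrFunctionHandling');
     } else {
         $phpcsFile->addWarning($msg, $stackPtr, 'WarnFunctionHandling');
     }
 }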
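 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on mysql_query and inspects the first dynamic argument of the
  * call: direct user input is an error, any other dynamic value a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance();
     $tokens = $phpcsFile->getTokens();
     // http://www.php.net/manual/en/book.mysql.php
     if ($tokens[$stackPtr]['content'] !== 'mysql_query') {
         return;
     }
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     if ($opener === false || !isset($tokens[$opener]['parenthesis_closer'])) {
         // Not a call (e.g. the bare name): no argument list to inspect. The
         // unguarded lookup used to fall through with a null bound and scan to end of file.
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens, array(T_STRING_CONCAT));
     $s = $phpcsFile->findNext($ignore, $stackPtr + 1, $closer, true);
     if ($s === false) {
         return;
     }
     $msg = 'SQL function ' . $tokens[$stackPtr]['content'] . '() detected with dynamic parameter ';
     // The ErrFilesystem/WarnFilesystem codes look copied from the filesystem sniff;
     // they are kept unchanged because rulesets may reference them by name.
     if ($utils::is_token_user_input($tokens[$s])) {
         $phpcsFile->addError($msg . ' directly from user input', $stackPtr, 'ErrFilesystem');
     } else {
         $phpcsFile->addWarning($msg, $stackPtr, 'WarnFilesystem');
     }
 }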
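 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Walks the include/require-style expression starting at $stackPtr
  * (bounded by the matching parenthesis when parenthesised, otherwise by
  * the next semicolon). Every token that is not whitespace, bracket or
  * static value is inspected: direct user input is reported as an error;
  * when $this->ParanoiaMode is set, any other dynamic piece except the
  * concatenation operator is a warning.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $utils = Security_Sniffs_UtilsFactory::getInstance($this->CmsFramework);
     $tokens = $phpcsFile->getTokens();
     $s = $phpcsFile->findNext(PHP_CodeSniffer_Tokens::$emptyTokens, $stackPtr, null, true, null, true);
     // Guarded against findNext() returning false; the old code indexed $tokens with it.
     if ($s !== false && $tokens[$s]['code'] == T_OPEN_PARENTHESIS) {
         $closer = $tokens[$s]['parenthesis_closer'];
     } else {
         $closer = $phpcsFile->findNext(T_SEMICOLON, $stackPtr);
         $s = $stackPtr;
     }
     if ($closer === false) {
         // No end of statement: nothing can be bounded, so nothing is checked.
         return;
     }
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens);
     while ($s !== false) {
         $s = $phpcsFile->findNext($ignore, $s + 1, $closer, true);
         if ($s === false) {
             break;
         }
         // Both reports share the 'WarnEasyRFI' code even though the first is an
         // error; kept unchanged because rulesets may reference the code by name.
         if ($utils::is_token_user_input($tokens[$s])) {
             $phpcsFile->addError('Easy RFI detected because of direct user input with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'WarnEasyRFI');
         } elseif ($this->ParanoiaMode && $tokens[$s]['content'] != '.') {
             $phpcsFile->addWarning('Possible RFI detected with ' . $tokens[$s]['content'] . ' on ' . $tokens[$stackPtr]['content'], $s, 'WarnEasyRFI');
         }
     }
 }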
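 /**
  * Processes the tokens that this sniff is interested in.
  *
  * Fires on any ftp_* function name. The use itself is always at least a
  * warning; when the first dynamic argument of the call is direct user
  * input it is reported as an error instead.
  *
  * @param PHP_CodeSniffer_File $phpcsFile The file where the token was found.
  * @param int                  $stackPtr  The position in the stack where
  *                                        the token was found.
  *
  * @return void
  */
 public function process(PHP_CodeSniffer_File $phpcsFile, $stackPtr)
 {
     $tokens = $phpcsFile->getTokens();
     $utils = Security_Sniffs_UtilsFactory::getInstance($this->CmsFramework);
     $funcName = $tokens[$stackPtr]['content'];
     if (!preg_match("/^ftp_/", $funcName)) {
         return;
     }
     $msg = 'Unusual function ' . $funcName . '() detected';
     $opener = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr, null, false, null, true);
     if ($opener === false || !isset($tokens[$opener]['parenthesis_closer'])) {
         // Not a call: no argument list to inspect, but the use is still worth the
         // warning. The unguarded lookup used to scan to end of file here.
         $phpcsFile->addWarning($msg, $stackPtr, 'WarnFringestuff');
         return;
     }
     $closer = $tokens[$opener]['parenthesis_closer'];
     $ignore = array_merge(PHP_CodeSniffer_Tokens::$emptyTokens, PHP_CodeSniffer_Tokens::$bracketTokens, Security_Sniffs_Utils::$staticTokens, array(T_STRING_CONCAT));
     $s = $phpcsFile->findNext($ignore, $stackPtr + 1, $closer, true);
     // Direct user input is an error; everything else (dynamic or not) is a warning.
     if ($s !== false && $utils::is_token_user_input($tokens[$s])) {
         $phpcsFile->addError($msg . ' with parameter directly from user input', $stackPtr, 'ErrFringestuff');
     } else {
         $phpcsFile->addWarning($msg, $stackPtr, 'WarnFringestuff');
     }
 }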