From b6550df5d68cc4692ce113473d5c9fb7155b0bb2 Mon Sep 17 00:00:00 2001
From: BlBana <635373043@qq.com>
Date: Tue, 5 Sep 2017 11:51:16 +0800
Subject: [PATCH] Optimization of detection eval

---
 cobra/cve_parse.py |  4 ++--
 cobra/parser.py    | 11 +++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/cobra/cve_parse.py b/cobra/cve_parse.py
index 8be555ed..e43c5419 100644
--- a/cobra/cve_parse.py
+++ b/cobra/cve_parse.py
@@ -390,8 +390,8 @@ def parse_math(cve_path, cve_id, cve_level, module_):
     mr.rule_name = rule_name
     mr.level = cve_level
     mr.file_path = module_name
-    mr.line_number = module_version
-    mr.code_content = 'Module:' + mr.file_path
+    mr.line_number = 1
+    mr.code_content = module_name + ':' + module_version
 
     logger.debug('[CVE {i}] {r}:Find {n}:{v} have vul {c} and level is {l}'.format(i=mr.id, r=mr.rule_name,
                                                                                    n=mr.file_path, v=mr.line_number,
diff --git a/cobra/parser.py b/cobra/parser.py
index 67dc55d4..ccbeef9e 100644
--- a/cobra/parser.py
+++ b/cobra/parser.py
@@ -95,6 +95,12 @@ def get_silence_params(node):
     if isinstance(node.expr, php.FunctionCall):
         param.append(node.expr)
 
+    if isinstance(node.expr, php.Eval):
+        param.append(node.expr)
+
+    if isinstance(node.expr, php.Assignment):
+        param.append(node.expr)
+
     return param
 
 
@@ -608,6 +614,7 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
     :param function_params: 自定义函数的所有参数列表
     :return:
     """
+    buffer_ = []
     for node in nodes:
         if isinstance(node, php.FunctionCall):  # 函数直接调用，不进行赋值
             anlysis_function(node, back_node, vul_function, function_params, vul_lineo)
@@ -619,6 +626,10 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
             if isinstance(node.expr, php.Eval):
                 analysis_eval(node.expr, vul_function, back_node, vul_lineo, function_params)
 
+            if isinstance(node.expr, php.Silence):
+                buffer_.append(node.expr)
+                analysis(buffer_, vul_function, back_node, vul_lineo, function_params)
+
         elif isinstance(node, php.Print) or isinstance(node, php.Echo):
             analysis_echo_print(node, back_node, vul_function, vul_lineo, function_params)