Merge pull request #533 from wufeifei/develop
Optimization of detection eval
FeeiCN authored Sep 5, 2017
2 parents e3e29b4 + 5b05623 commit 886aae9
Showing 2 changed files with 13 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cobra/cve_parse.py
Expand Up @@ -390,8 +390,8 @@ def parse_math(cve_path, cve_id, cve_level, module_):
mr.rule_name = rule_name
mr.level = cve_level
mr.file_path = module_name
mr.line_number = module_version
mr.code_content = 'Module:' + mr.file_path
mr.line_number = 1
mr.code_content = module_name + ':' + module_version

logger.debug('[CVE {i}] {r}:Find {n}:{v} have vul {c} and level is {l}'.format(i=mr.id, r=mr.rule_name,
n=mr.file_path, v=mr.line_number,
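Review bot: The debug log at the end of the hunk still passes `v=mr.line_number` into the `Find {n}:{v} have vul` placeholder, and since line_number is now hard-coded to 1 the message reports `<module>:1` rather than the module version, which is exactly the detail a triager needs to confirm the CVE match; pass `v=module_version` (or log `mr.code_content`) instead. The new `module_name + ':' + module_version` also assumes module_version is already a str — the old code stored it unchanged and only formatted it, so if it can be None or a non-str from the caller this line now raises TypeError; a `str(module_version)` or an explicit check would be safer, but I cannot see where it is bound from this hunk. parse_math starts above and continues below the hunk.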
11 changes: 11 additions & 0 deletions cobra/parser.py
Expand Up @@ -95,6 +95,12 @@ def get_silence_params(node):
if isinstance(node.expr, php.FunctionCall):
param.append(node.expr)

if isinstance(node.expr, php.Eval):
param.append(node.expr)

if isinstance(node.expr, php.Assignment):
param.append(node.expr)

return param


Expand Down Expand Up @@ -608,6 +614,7 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
:param function_params: 自定义函数的所有参数列表
:return:
"""
buffer_ = []
for node in nodes:
if isinstance(node, php.FunctionCall): # 函数直接调用,不进行赋值
anlysis_function(node, back_node, vul_function, function_params, vul_lineo)
Expand All @@ -619,6 +626,10 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
if isinstance(node.expr, php.Eval):
analysis_eval(node.expr, vul_function, back_node, vul_lineo, function_params)

if isinstance(node.expr, php.Silence):
buffer_.append(node.expr)
analysis(buffer_, vul_function, back_node, vul_lineo, function_params)

elif isinstance(node, php.Print) or isinstance(node, php.Echo):
analysis_echo_print(node, back_node, vul_function, vul_lineo, function_params)

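Review bot: `buffer_` is created once before the `for node in nodes` loop (`buffer_ = []` in the second hunk) and is only ever appended to, so on the k-th `php.Silence` expression the recursive `analysis(buffer_, ...)` call in the third hunk re-analyses the k-1 earlier ones as well — duplicate findings for the same `@`-suppressed call and quadratic work on files with many suppressed statements. Passing just the current node is enough: `analysis([node.expr], vul_function, back_node, vul_lineo, function_params)`, and the `buffer_` list can be dropped. It is also not visible from the hunk whether `analysis` has a branch for a bare `php.Silence` node (the visible branches dispatch on FunctionCall and Print/Echo); if it does not, the recursion would need to unwrap the suppressed expression (the new `get_silence_params` helper reads `node.expr` for that) rather than hand over the Silence node itself, and a one-line comment stating which is intended would help the next reader. The independent `if` checks added to get_silence_params in the first hunk look fine. `analysis` starts and ends outside the hunk.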
