Merge pull request #532 from BlBana/origin/develop

Optimization of detection eval

Author: FeeiCN

cobra/cve_parse.py

@@ -390,8 +390,8 @@ def parse_math(cve_path, cve_id, cve_level, module_):
     mr.rule_name = rule_name
     mr.level = cve_level
     mr.file_path = module_name
-    mr.line_number = module_version
-    mr.code_content = 'Module:' + mr.file_path
+    mr.line_number = 1
+    mr.code_content = module_name + ':' + module_version
 
     logger.debug('[CVE {i}] {r}:Find {n}:{v} have vul {c} and level is {l}'.format(i=mr.id, r=mr.rule_name,
                                                                                    n=mr.file_path, v=mr.line_number,

cobra/parser.py

@@ -95,6 +95,12 @@ def get_silence_params(node):
     if isinstance(node.expr, php.FunctionCall):
         param.append(node.expr)
 
+    if isinstance(node.expr, php.Eval):
+        param.append(node.expr)
+
+    if isinstance(node.expr, php.Assignment):
+        param.append(node.expr)
+
     return param
 
 
@@ -608,6 +614,7 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
     :param function_params: 自定义函数的所有参数列表
     :return:
     """
+    buffer_ = []
     for node in nodes:
         if isinstance(node, php.FunctionCall):  # 函数直接调用，不进行赋值
             anlysis_function(node, back_node, vul_function, function_params, vul_lineo)
@@ -619,6 +626,10 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
             if isinstance(node.expr, php.Eval):
                 analysis_eval(node.expr, vul_function, back_node, vul_lineo, function_params)
 
+            if isinstance(node.expr, php.Silence):
+                buffer_.append(node.expr)
+                analysis(buffer_, vul_function, back_node, vul_lineo, function_params)
+
         elif isinstance(node, php.Print) or isinstance(node, php.Echo):
             analysis_echo_print(node, back_node, vul_function, vul_lineo, function_params)