
Commit 95aec67

Merge pull request #565 from BlBana/origin/develop
FPC-Mode vulnerability repair and two bug fixes
2 parents f4682c5 + 6438639 commit 95aec67


3 files changed

+18
-8
lines changed


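--- a/cobra/engine.py
+++ b/cobra/engine.py
@@ -522,7 +522,7 @@ def is_annotation(self):
 - Java:
 :return: boolean
 """
-match_result = re.findall(r"(#|\\\*|\/\/)+", self.code_content)
+match_result = re.findall(r"^(#|\\\*|\/\/)+", self.code_content)
 # Skip detection only on match
 if self.is_match_only_rule():
 return False
@@ -620,13 +620,16 @@ def scan(self):
 if self.file_path[-3:].lower() == 'php':
 try:
 ast = CAST(self.rule_match, self.target_directory, self.file_path, self.line_number, self.code_content)
+rule_repair = []
 if self.rule_match_mode == const.mm_function_param_controllable:
-rule_match = self.rule_match.strip('()').split('|')
+rule_match = self.rule_match.strip('()').split('|') # 漏洞规则整理为列表
+if self.rule_repair is not None:
+rule_repair = self.rule_repair.strip('()').split('|') # 修复规则整理为列表
 logger.debug('[RULE_MATCH] {r}'.format(r=rule_match))
 try:
 with open(self.file_path, 'r') as fi:
 code_contents = fi.read()
-result = scan_parser(code_contents, rule_match, self.line_number)
+result = scan_parser(code_contents, rule_match, self.line_number, rule_repair)
 logger.debug('[AST] [RET] {c}'.format(c=result))
 if len(result) > 0:
 if result[0]['code'] == 1: # 函数参数可控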
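Review bot: The anchored pattern in is_annotation, `re.findall(r"^(#|\\\*|\/\/)+", self.code_content)`, only matches when the comment marker is the very first character of code_content, so an indented comment line stops being treated as an annotation if code_content keeps its leading whitespace — where code_content is built is not visible here, so confirm; if it is not stripped, `r"^\s*(#|\\\*|\/\/)+"` keeps the intent of the fix. Separately, `\\\*` inside a raw string is the regex for a literal backslash followed by `*`, so a `/*` block-comment opener never matches; `\/\*` looks like what was meant, although that alternative predates this commit. is_annotation's body starts and ends outside the hunk.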

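--- a/cobra/parser.py
+++ b/cobra/parser.py
@@ -18,6 +18,7 @@
 
 with_line = True
 scan_results = [] # 结果存放列表初始化
+repairs = [] # 用于存放修复函数
 
 
 def export(items):
@@ -134,7 +135,7 @@ def get_binaryop_params(node): # 当为BinaryOp类型时,分别对left和righ
 if isinstance(node.right, php.Variable):
 params.append(node.right.name)
 
-elif not isinstance(node.right, php.Variable) or not isinstance(node.left, php.Variable): # right不为变量时
+if not isinstance(node.right, php.Variable) or not isinstance(node.left, php.Variable): # right不为变量时
 params_right = get_binaryop_deep_params(node.right, params)
 params_left = get_binaryop_deep_params(node.left, params)
 
@@ -213,8 +214,10 @@ def is_repair(expr):
 :return:
 """
 is_re = False # 是否修复,默认值是未修复
-if expr == 'escapeshellcmd':
-is_re = True
+for repair in repairs:
+if expr == repair:
+is_re = True
+return is_re
 return is_re
 
 
@@ -661,16 +664,19 @@ def analysis(nodes, vul_function, back_node, vul_lineo, function_params=None):
 back_node.append(node)
 
 
-def scan_parser(code_content, sensitive_func, vul_lineno):
+def scan_parser(code_content, sensitive_func, vul_lineno, repair):
 """
 开始检测函数
 :param code_content: 要检测的文件内容
 :param sensitive_func: 要检测的敏感函数,传入的为函数列表
 :param vul_lineno: 漏洞函数所在行号
+:param repair: 对应漏洞的修复函数列表
 :return:
 """
 try:
+global repairs
 global scan_results
+repairs = repair
 scan_results = []
 parser = make_parser()
 all_nodes = parser.parse(code_content, debug=False, lexer=lexer.clone(), tracking=with_line)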
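Review bot: scan_parser now takes `repair` as a required positional argument and assigns it straight to the module-global repairs, so any caller not updated in this commit fails with a TypeError at the call, and a caller passing None makes `for repair in repairs` in is_repair raise on the first expression it checks. A default keeps old call sites working and normalises the value: `def scan_parser(code_content, sensitive_func, vul_lineno, repair=None):` with `repairs = list(repair) if repair else []`, which also stops the caller's list object from being shared with module state. The is_repair loop can be reduced to `return expr in repairs`, since the early return inside the loop makes the is_re accumulator redundant. Note that the old hard-coded 'escapeshellcmd' is gone, so a rule that ships no repair list now reports nothing as repaired; that may be intended, but the scan_parser docstring should say so. The analysis function named in the last hunk header and scan_parser's body both continue outside the hunk.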

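--- a/tests/test_parser.py
+++ b/tests/test_parser.py
@@ -21,8 +21,9 @@
 code_contents = fi.read()
 
 sensitive_func = ['system']
+repairs = []
 lineno = 7
 
 
 def test_scan_parser():
-assert scan_parser(code_contents, sensitive_func, lineno)
+assert scan_parser(code_contents, sensitive_func, lineno, repairs)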
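Review bot: test_scan_parser passes `repairs = []`, so the new repair-matching loop in is_repair is never exercised and a regression in it would not be caught. A second assertion that passes a non-empty list, e.g. `['escapeshellcmd']` (the value the old hard-coded check used), against a fixture where the sensitive call is wrapped in that function would cover the path this commit adds; the fixture file read into code_contents is outside the hunk, so whether it already contains such a call cannot be seen here.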
