
Merge pull request #56 from BitScout/22-detect-shell-exec-via-backticks
feat(ban): Add rule to ban shell execution via backticks
mremi authored Feb 25, 2022
2 parents 5416d33 + cc5e609 commit d3bca55
Showing 16 changed files with 20 additions and 14 deletions.
2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -4,7 +4,7 @@ CHANGELOG
master
------

* todo...
* Added rule to ban shell execution via backticks

v1.0.0
------
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -64,6 +64,11 @@ parameters:
- system
- var_dump
# enable detection of shell execution by backticks
-
type: Expr_ShellExec
functions: null
# enable detection of `use Tests\Foo\Bar` in a non-test file
use_from_tests: true
```
5 changes: 5 additions & 0 deletions extension.neon
Expand Up @@ -41,6 +41,11 @@ parameters:
- system
- var_dump

# enable detection of shell execution by backticks
-
type: Expr_ShellExec
functions: null

# enable detection of `use Tests\Foo\Bar` in a non-test file
use_from_tests: true

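Review bot: The `functions: null` line under the new `Expr_ShellExec` entry looks redundant: the same rule is configured in tests/Rules/BannedNodesRuleTest.php as `['type' => 'Expr_ShellExec']` with no `functions` key, and the `Expr_Eval`/`Expr_Exit` entries there omit it too, which suggests the key is optional for non-FuncCall node types. If that is the case, drop the line here and in the matching README.md snippet so the two configurations read the same; if the rule's config schema actually requires the key, a short comment such as `# functions is not used for non-FuncCall node types` would stop readers from treating it as a meaningful setting. Indentation of the added lines is not visible on this rendered page, so I cannot confirm the list item sits under the intended parameter key.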
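--- a/snippets/backticks.php
+++ b/snippets/backticks.php
@@ -0,0 +1,3 @@
+<?php
+
+`ls -lsa`;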
1 change: 0 additions & 1 deletion snippets/echo.php
@@ -1,4 +1,3 @@
<?php

echo 'test echo';

1 change: 0 additions & 1 deletion snippets/eval.php
@@ -1,4 +1,3 @@
<?php

eval(true);

3 changes: 1 addition & 2 deletions snippets/exec.php
@@ -1,4 +1,3 @@
<?php

exec('');

exec('ls -lsa');
1 change: 0 additions & 1 deletion snippets/exit.php
@@ -1,4 +1,3 @@
<?php

exit;

1 change: 0 additions & 1 deletion snippets/passthru.php
@@ -1,4 +1,3 @@
<?php

passthru('');

1 change: 0 additions & 1 deletion snippets/phpinfo.php
@@ -1,4 +1,3 @@
<?php

phpinfo();

1 change: 0 additions & 1 deletion snippets/print_r.php
@@ -1,4 +1,3 @@
<?php

print_r('');

2 changes: 1 addition & 1 deletion snippets/proc_open.php
@@ -1,4 +1,4 @@
<?php

$pipes = [];
proc_open('', [], $pipes);

1 change: 0 additions & 1 deletion snippets/shell_exec.php
@@ -1,4 +1,3 @@
<?php

shell_exec('');

1 change: 0 additions & 1 deletion snippets/system.php
@@ -1,4 +1,3 @@
<?php

system('');

1 change: 0 additions & 1 deletion snippets/var_dump.php
@@ -1,4 +1,3 @@
<?php

var_dump('');

5 changes: 4 additions & 1 deletion tests/Rules/BannedNodesRuleTest.php
Expand Up @@ -20,6 +20,7 @@
use PhpParser\Node\Expr\Exit_;
use PhpParser\Node\Expr\FuncCall;
use PhpParser\Node\Expr\Include_;
use PhpParser\Node\Expr\ShellExec;
use PhpParser\Node\Expr\Variable;
use PhpParser\Node\Name;
use PhpParser\Node\Scalar\LNumber;
Expand Down Expand Up @@ -52,6 +53,7 @@ protected function setUp(): void
['type' => 'Expr_Eval'],
['type' => 'Expr_Exit'],
['type' => 'Expr_FuncCall', 'functions' => ['debug_backtrace', 'dump']],
['type' => 'Expr_ShellExec'],
]);
$this->scope = $this->createMock(Scope::class);
}
Expand Down Expand Up @@ -128,11 +130,12 @@ public function getUnhandledNodes(): \Generator
}

/**
* @return \Generator<array<Eval_|Exit_>>
* @return \Generator<array<mixed>>
*/
public function getHandledNodes(): \Generator
{
yield [new Eval_($this->createMock(Expr::class))];
yield [new Exit_()];
yield [new ShellExec([''])];
}
}
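Review bot: The docblock on getHandledNodes() is widened from `@return \Generator<array<Eval_|Exit_>>` to `@return \Generator<array<mixed>>`, which throws away the type information PHPStan used to check this provider against the test method's parameter; adding the new case to the union, `* @return \Generator<array<Eval_|Exit_|ShellExec>>`, keeps the check without any loss. The added `new ShellExec([''])` passes a bare string as the parts element, whereas php-parser documents ShellExec parts as string-part or expression nodes; if the rule only matches on node type the test still passes, but constructing the part with the string-part node class of the php-parser version in use would match the constructor's contract and avoid a false failure under stricter static analysis. The setUp() hunk's `['type' => 'Expr_ShellExec']` entry omits the `functions` key that extension.neon and README.md set to `null` for the same rule; one of the two should be aligned with the other, or the optional key noted in a comment.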
