requested changes

semgrep · Apr 24, 2024 · a1a15d4 · a1a15d4
1 parent 3bdc381
commit a1a15d4
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 0 deletions.
diff --git a/php/lang/security/injection/echoed-request.php b/php/lang/security/injection/echoed-request.php
@@ -44,6 +44,22 @@ function doSmth5() {
     echo "Hello ".trim($_POST['name']);
 }
 
+function doSmth6() {
+   $VAR = $_GET['someval']
+    if(isset($VAR)){ 
+        // ruleid: echoed-request
+        echo $VAR; 
+    }
+}
+
+function doSmth7() {
+    $VAR = $_GET['someval']
+     if(empty($VAR)){ 
+         // ruleid: echoed-request
+         echo $VAR; 
+     }
+ }
+
 function doOK1() {
     // ok: echoed-request
     echo "Hello ".htmlentities($_POST['name'])." !";
@@ -84,4 +100,14 @@ function doOK7() {
     echo $safevar;
 }
 
+function doOK8() {
+    // ok: echoed-request
+    echo "Hello ".isset($_POST['name'])." !";
+}
+
+function doOK9() {
+    $safevar = empty($_GET['name']);
+    // ok: echoed-request
+    echo "Hello $safevar !";
+}
 
diff --git a/php/lang/security/injection/echoed-request.yaml b/php/lang/security/injection/echoed-request.yaml
@@ -16,6 +16,8 @@ rules:
   - pattern: htmlentities(...)
   - pattern: htmlspecialchars(...)
   - pattern: strip_tags(...)
+  - pattern: isset(...)
+  - pattern: empty(...)
   # Wordpress Escapes
   - pattern: esc_html(...)
   - pattern: esc_attr(...)

diff --git a/php/lang/security/injection/printed-request.php b/php/lang/security/injection/printed-request.php
@@ -44,6 +44,22 @@ function doSmth5() {
     print("Hello ".trim($_POST['name']));
 }
 
+function doSmth6() {
+    $VAR = $_GET['someval']
+     if(isset($VAR)){ 
+         // ruleid: printed-request
+         print($VAR); 
+     }
+ }
+
+ function doSmth7() {
+     $VAR = $_GET['someval']
+      if(empty($VAR)){ 
+          // ruleid: printed-request
+          print($VAR); 
+      }
+  }
+
 function doOK1() {
     // ok: printed-request
     print("Hello ".htmlentities($_POST['name'])." !");
@@ -84,4 +100,13 @@ function doOK7() {
     print($safevar);
 }
 
+function doOK8() {
+    // ok: printed-request
+    print("Hello ".isset($_POST['name'])." !");
+}
 
+function doOK9() {
+    $safevar = empty($_GET['name']);
+    // ok: printed-request
+    print("Hello $safevar !");
+}
diff --git a/php/lang/security/injection/printed-request.yaml b/php/lang/security/injection/printed-request.yaml
@@ -16,6 +16,8 @@ rules:
   - pattern: htmlentities(...)
   - pattern: htmlspecialchars(...)
   - pattern: strip_tags(...)
+  - pattern: isset(...)
+  - pattern: empty(...)
   # Wordpress Escapes
   - pattern: esc_html(...)
   - pattern: esc_attr(...)