feat(php): add queries for bash injections

This commit injects bash syntax into the string arguments of relevant
functions and into shell command expressions.
gbprod 2022-10-06 16:29:27 +02:00 committed by Stephan Seitz
parent 3cb46f0c81
commit 82767f3f33


@ -1,3 +1,14 @@
(text) @html
(comment) @phpdoc
;; bash
((function_call_expression
function: (_) @_shell_func_identifier
arguments: (arguments . (argument (_ (string_value) @bash))))
(#any-of? @_shell_func_identifier "shell_exec" "escapeshellarg"
"escapeshellcmd" "exec" "passthru" "proc_open" "shell_exec" "system"))
((expression_statement (shell_command_expression (string_value) @bash)))
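Review bot: The `#any-of?` list names `"shell_exec"` twice and includes `escapeshellarg`, whose argument is a single value to be quoted rather than shell syntax, so highlighting it as bash invites a reader to mistake data for a command. I would restrict the list to functions that hand their first string to a shell, e.g. `(#any-of? @_shell_func_identifier "exec" "passthru" "popen" "proc_open" "shell_exec" "system")`. `popen` also takes a command string and is missing from the current list. `escapeshellcmd` is a judgement call, since its argument is a command line but the function executes nothing. A comment above the pattern such as `; first string argument of functions that pass it to a shell` would record that the `.` anchor deliberately limits the match to the first argument.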