/
sources.php
121 lines (107 loc) · 2.71 KB
/
sources.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
<?php
/**
RIPS - A static source code analyser for vulnerabilities in PHP scripts
by Johannes Dahse (johannes.dahse@rub.de)
Copyright (C) 2012 Johannes Dahse
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>.
**/
final class Sources
{
// userinput variables
public static $V_USERINPUT = array(
'$_GET',
'$_POST',
'$_COOKIE',
'$_REQUEST',
'$_FILES',
'$_SERVER',
'$HTTP_GET_VARS',
'$HTTP_POST_VARS',
'$HTTP_COOKIE_VARS',
'$HTTP_REQUEST_VARS',
'$HTTP_POST_FILES',
'$HTTP_SERVER_VARS',
'$HTTP_RAW_POST_DATA',
'$argc',
'$argv'
);
public static $V_SERVER_PARAMS = array(
'HTTP_ACCEPT',
'HTTP_ACCEPT_LANGUAGE',
'HTTP_ACCEPT_ENCODING',
'HTTP_ACCEPT_CHARSET',
'HTTP_CONNECTION',
'HTTP_HOST',
'HTTP_KEEP_ALIVE',
'HTTP_REFERER',
'HTTP_USER_AGENT',
'HTTP_X_FORWARDED_FOR',
// all HTTP_ headers can be tainted
'PHP_AUTH_DIGEST',
'PHP_AUTH_USER',
'PHP_AUTH_PW',
'AUTH_TYPE',
'QUERY_STRING',
'REQUEST_METHOD',
'REQUEST_URI', // partly urlencoded
'PATH_INFO',
'ORIG_PATH_INFO',
'PATH_TRANSLATED',
'REMOTE_HOSTNAME',
'PHP_SELF'
);
// file content as input
public static $F_FILE_INPUT = array(
'bzread',
'dio_read',
'exif_imagetype',
'exif_read_data',
'exif_thumbnail',
'fgets',
'fgetss',
'file',
'file_get_contents',
'fread',
'get_meta_tags',
'glob',
'gzread',
'readdir',
'read_exif_data',
'scandir',
'zip_read'
);
// database content as input
public static $F_DATABASE_INPUT = array(
'mysql_fetch_array',
'mysql_fetch_assoc',
'mysql_fetch_field',
'mysql_fetch_object',
'mysql_fetch_row',
'pg_fetch_all',
'pg_fetch_array',
'pg_fetch_assoc',
'pg_fetch_object',
'pg_fetch_result',
'pg_fetch_row',
'sqlite_fetch_all',
'sqlite_fetch_array',
'sqlite_fetch_object',
'sqlite_fetch_single',
'sqlite_fetch_string'
);
// other functions as input
public static $F_OTHER_INPUT = array(
'get_headers',
'getallheaders',
'get_browser',
'getenv',
'gethostbyaddr',
'runkit_superglobals',
'import_request_variables'
);
// 'getenv' and 'apache_getenv'
// will be automatically added if 'putenv' or 'apache_setenv' with userinput is found
}
?>