Merge branch 'develop'

LoRexxar · Dec 1, 2017 · 8123c0e · 8123c0e
2 parents b13dc8c + f161f02
commit 8123c0e
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -77,6 +77,10 @@ Cobra-W是从Cobra2.0发展而来的分支，着眼于白帽子使用的白盒
 - 2017-11-27
     - Cobra-W 0.7
     - 更新了全新的机制应用于类变量回溯，已完成大部分支持
+- 2017-12-1
+    - Cobra-W 0.7.1
+    - 修复类变量回溯的多个bug，对类变量回溯已经有比较完整的支持
+
 
 # README(开发文档)
 

diff --git a/cobra/__version__.py b/cobra/__version__.py
@@ -7,7 +7,7 @@
 __issue_page__ = 'https://github.com/LoRexxar/Cobra-W/issues/new'
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
-__version__ = '0.7'
+__version__ = '0.7.1'
 __author__ = 'LoRexxar'
 __author_email__ = 'LoRexxar@gmail.com'
 __license__ = 'MIT License'

diff --git a/cobra/parser.py b/cobra/parser.py
@@ -695,6 +695,11 @@ def anlysis_params(param, code_content, file_path, lineno):
     """
     count = 0
     function_params = None
+    if type(param) is str and "->" in param:
+        param_left = php.Variable(param.split("->")[0])
+        param_right = param.split("->")[1]
+        param = php.ObjectProperty(param_left, param_right)
+
     param = php.Variable(param)
     parser = make_parser()
     all_nodes = parser.parse(code_content, debug=False, lexer=lexer.clone(), tracking=with_line)

diff --git a/rules/php/CVI_1001.py b/rules/php/CVI_1001.py
@@ -41,7 +41,7 @@ def main(self, regex_string):
         :return: 
         """
         sql_sen = regex_string[0]
-        reg = "\$\w+"
+        reg = "\$[\w+\->]*"
         if re.search(reg, sql_sen, re.I):
 
             p = re.compile(reg)

diff --git a/tests/ast/test_class/test_class2.php b/tests/ast/test_class/test_class2.php
@@ -0,0 +1,42 @@
+<?php
+class a2{
+
+    function __construct($test=1,$message="2333"){
+        $this->test = $test;
+        $this->message = $message;
+    }
+    function __toString(){
+    	$b = $_GET['b'];
+    	return $b;
+    }
+
+    function eval_function($a){
+        curl_setopt($curl, CURLOPT_URL, $a);
+    }
+
+    function eval_function2(){
+        $a = $_GET['a'];
+        curl_setopt($curl, CURLOPT_URL, $a);
+    }
+
+    function eval_function3(){
+        curl_setopt($curl, CURLOPT_URL, $this->test);
+    }
+
+    function eval_function4(){
+        curl_setopt($curl, CURLOPT_URL, $this->message);
+    }
+}
+
+
+$x = $_GET['a'];
+$y = "test";
+
+$A = new a2($x, $y);
+$A->eval_function($y);
+$A->eval_function2();
+$A->eval_function3();
+$A->eval_function4();
+
+$z = $A;
+curl_setopt($curl, CURLOPT_URL, $z);