(#58) Improve PHP Analyzer (+add header)

owasp-noir · Aug 30, 2023 · 5cb8863 · 5cb8863
1 parent 6924d38
commit 5cb8863
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 3 deletions.
diff --git a/spec/functional_test/fixtures/php_pure/get.php b/spec/functional_test/fixtures/php_pure/get.php
@@ -0,0 +1,3 @@
+<?
+    $param1 = $_GET['param1'];
+?>
diff --git a/spec/functional_test/fixtures/php_pure/header.php b/spec/functional_test/fixtures/php_pure/header.php
@@ -0,0 +1,4 @@
+<?
+    $param1 = $_GET['param1'];
+    $api_key = $_SERVER['HTTP_X_API_KEY'];
+?>
diff --git a/spec/functional_test/fixtures/php_pure/post.php b/spec/functional_test/fixtures/php_pure/post.php
@@ -0,0 +1,3 @@
+<?
+    $param1 = $_POST['param1'];
+?>
diff --git a/spec/functional_test/fixtures/php_pure/request.php b/spec/functional_test/fixtures/php_pure/request.php
@@ -0,0 +1,3 @@
+<?
+    $param1 = $_REQUEST['param1'];
+?>
diff --git a/spec/functional_test/testers/php_pure_spec.cr b/spec/functional_test/testers/php_pure_spec.cr
@@ -0,0 +1,15 @@
+require "../func_spec.cr"
+
+extected_endpoints = [
+  Endpoint.new("/get.php", "GET"),
+  Endpoint.new("/header.php", "GET", [Param.new("X-API-KEY", "", "header")]),
+  Endpoint.new("/post.php", "GET"),
+  Endpoint.new("/post.php", "POST", [Param.new("param1", "", "body")]),
+  Endpoint.new("/request.php", "GET", [Param.new("param1", "", "query")]),
+  Endpoint.new("/request.php", "POST", [Param.new("param1", "", "body")]),
+]
+
+FunctionalTester.new("fixtures/php_pure/", {
+  :techs     => 1,
+  :endpoints => 6,
+}, extected_endpoints).test_all
diff --git a/src/analyzer/analyzers/analyzer_php_pure.cr b/src/analyzer/analyzers/analyzer_php_pure.cr
@@ -26,9 +26,23 @@ class AnalyzerPhpPure < Analyzer
               method = match[1]
               param_name = match[2]
 
-              methods = methods | [method]
-              params_query << Param.new(param_name, "string", "query")
-              params_body << Param.new(param_name, "string", "form")
+
+              if method == "GET"
+                params_query << Param.new(param_name, "", "query")
+              elsif method == "POST"
+                params_body << Param.new(param_name, "", "body")
+                methods << "POST"
+              elsif method == "REQUEST"
+                params_query << Param.new(param_name, "", "query")
+                params_body << Param.new(param_name, "", "body")
+                methods << "POST"
+              elsif method == "SERVER"
+                if param_name.includes? "HTTP_"
+                  param_name = param_name.sub("HTTP_", "").gsub("_", "-")
+                  params_query << Param.new(param_name, "", "header")
+                  params_body << Param.new(param_name, "", "header")
+                end
+              end
             end
           rescue
             next
@@ -44,8 +58,13 @@ class AnalyzerPhpPure < Analyzer
 
     result
   end
+
+  def allow_methods
+    ["GET", "POST", "PUT", "DELETE", "PATCH"]
+  end
 end
 
+
 def analyzer_php_pure(options : Hash(Symbol, String))
   instance = AnalyzerPhpPure.new(options)
   instance.analyze