def test_classes_1(self): code = ''' <?php class A { private $prop1 = 'ok'; function foo($var1) { echo $_GET[1]; $this->prop1 = $var1; } function bar($prop2 = 'default') { echo $this->prop1; $this->prop2 = $prop2; } function baz() { if (1) { system($this->prop2); } } } $obj1 = new A(); $obj1->foo($_GET[1]); #XSS $obj1->bar(); #XSS $obj1->baz(); $awsome = $_POST[1]; $obj2 = new A(); $obj2->foo('test'); #XSS $obj2->bar($awsome); $obj2->baz(); #OS COMMANDING $obj1->bar(); #XSS again ?>''' analyzer = PhpSCA(code) vulns = analyzer.get_vulns() self.assertEquals(4, len(vulns['XSS'])) self.assertEquals(1, len(vulns['OS_COMMANDING'])) self.assertEquals(18, vulns['OS_COMMANDING'][0][0].lineno) self.assertEquals('$awsome', vulns['OS_COMMANDING'][0][-1].name) self.assertEquals(28, vulns['OS_COMMANDING'][0][-1].lineno) objects = analyzer.get_objects(); self.assertTrue('$obj1' and '$obj2' in objects)