def api_read(self, localtmpdir=None): ''' :param localtmpdir: Local temporary directory where to save the remote code. ''' def write_vuln_to_kb(vulnty, url, funcs): vulndata = php_sca.KB_DATA[vulnty] for f in funcs: vuln_sev = vulndata['severity'] desc = name = vulndata['name'] v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer') v.set_uri(url) v.set_var(f.vulnsources[0]) args = list(vulndata['kb_key']) + [v] # TODO: Extract the method from the PHP code # $_GET == GET # $_POST == POST # $_REQUEST == GET v.set_method('GET') # TODO: Extract all the other variables that are # present in the PHP file using the SCA v.set_dc(DataContainer()) # # TODO: This needs to be checked! OS Commanding specific # attributes. v['os'] = 'unix' v['separator'] = '' kb.kb.append(*args) if not localtmpdir: localtmpdir = tempfile.mkdtemp() res = {} files = self.exec_payload('get_source_code', args=(localtmpdir, )) for url, file in files.iteritems(): sca = PhpSCA(file=file[1]) for vulnty, funcs in sca.get_vulns().iteritems(): # Write to KB write_vuln_to_kb(vulnty, url, funcs) # Fill res dict res.setdefault(vulnty, []).extend([{ 'loc': url, 'lineno': fc.lineno, 'funcname': fc.name, 'vulnsrc': str(fc.vulnsources[0]) } for fc in funcs]) return res
def api_read(self, localtmpdir=None): ''' :param localtmpdir: Local temporary directory where to save the remote code. ''' def write_vuln_to_kb(vulnty, url, funcs): vulndata = php_sca.KB_DATA[vulnty] for f in funcs: vuln_sev = vulndata['severity'] desc = name = vulndata['name'] v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer') v.set_uri(url) v.set_var(f.vulnsources[0]) args = list(vulndata['kb_key']) + [v] # TODO: Extract the method from the PHP code # $_GET == GET # $_POST == POST # $_REQUEST == GET v.set_method('GET') # TODO: Extract all the other variables that are # present in the PHP file using the SCA v.set_dc(DataContainer()) # # TODO: This needs to be checked! OS Commanding specific # attributes. v['os'] = 'unix' v['separator'] = '' kb.kb.append(*args) if not localtmpdir: localtmpdir = tempfile.mkdtemp() res = {} files = self.exec_payload('get_source_code', args=(localtmpdir,)) for url, file in files.iteritems(): sca = PhpSCA(file=file[1]) for vulnty, funcs in sca.get_vulns().iteritems(): # Write to KB write_vuln_to_kb(vulnty, url, funcs) # Fill res dict res.setdefault(vulnty, []).extend( [{'loc': url, 'lineno': fc.lineno, 'funcname': fc.name, 'vulnsrc': str(fc.vulnsources[0])} for fc in funcs]) return res