TudbuT/helix-mods
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

queries/php: add injections for regex and sql injection (#6250)

Browse source
This commit is contained in:
Ivan 2023-03-11 00:56:18 +02:00 committed by GitHub
parent 1661e4b5e1
commit 3907358103
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
runtime/queries/php/injections.scm
View file

@ -4,3 +4,22 @@
((comment) @injection.content
(#set! injection.language "comment"))
((function_call_expression
function: (name) @_function
arguments: (arguments . (argument (_ (string_value) @injection.content))))
(#match? @_function "^preg_")
(#set! injection.language "regex"))
((function_call_expression
function: (name) @_function
arguments: (arguments (_) (argument (_ (string_value) @injection.content))))
(#match? @_function "^mysqli_")
(#set! injection.language "sql"))
((member_call_expression
object: (_)
name: (name) @_function
arguments: (arguments . (argument (_ (string_value) @injection.content))))
(#match? @_function "^(prepare|query)$")
(#set! injection.language "sql"))