queries/php: add injections for regex and sql injection (#6250)

This commit is contained in:
Ivan 2023-03-11 00:56:18 +02:00 committed by GitHub
parent 1661e4b5e1
commit 3907358103
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -4,3 +4,22 @@
((comment) @injection.content
(#set! injection.language "comment"))
((function_call_expression
function: (name) @_function
arguments: (arguments . (argument (_ (string_value) @injection.content))))
(#match? @_function "^preg_")
(#set! injection.language "regex"))
((function_call_expression
function: (name) @_function
arguments: (arguments (_) (argument (_ (string_value) @injection.content))))
(#match? @_function "^mysqli_")
(#set! injection.language "sql"))
((member_call_expression
object: (_)
name: (name) @_function
arguments: (arguments . (argument (_ (string_value) @injection.content))))
(#match? @_function "^(prepare|query)$")
(#set! injection.language "sql"))