r36299 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r36298‎ \| r36299 \| r36300 >
Date:	10:45, 15 June 2008
Author:	tstarling
Status:	old
Tags:
Comment:	Support for $GLOBALS[...]
Modified paths:	/trunk/tools/rg-vuln-check/rg-vuln-check.php (modified) (history)

Diff [purge]

Index: trunk/tools/rg-vuln-check/rg-vuln-check.php
—	—	@@ -6,40 +6,42 @@
7	7	exit( 1 );
8	8	}
9	9
10		~~-$options = array();~~
	10	+if ( !defined( 'RGVULN_INC' ) ) {
	11	+ $options = array();
11	12
12		~~-if ( in_array( '-v', $argv ) ) {~~
13		~~- $options['verbose'] = true;~~
14		~~- $argv = array_diff( $argv, array( '-v' ) );~~
15		-}
16		~~-if ( in_array( '--opcodes', $argv ) ) {~~
17		~~- $options['opcodes'] = true;~~
18		~~- $argv = array_diff( $argv, array( '--opcodes' ) );~~
19		-}
	13	+ if ( in_array( '-v', $argv ) ) {
	14	+ $options['verbose'] = true;
	15	+ $argv = array_diff( $argv, array( '-v' ) );
	16	+ }
	17	+ if ( in_array( '--opcodes', $argv ) ) {
	18	+ $options['opcodes'] = true;
	19	+ $argv = array_diff( $argv, array( '--opcodes' ) );
	20	+ }
20	21
21		~~-if ( count( $argv ) <= 1 ) {~~
22		~~- echo "Usage: php {$argv[0]} [-v] [--opcodes] <filename> [<filename> ...]\n";~~
23		~~- exit( 1 );~~
24		-}
	22	+ if ( count( $argv ) <= 1 ) {
	23	+ echo "Usage: php {$argv[0]} [-v] [--opcodes] <filename> [<filename> ...]\n";
	24	+ exit( 1 );
	25	+ }
25	26
26		~~-$confFile = dirname( __FILE__ ) . '/conf.php';~~
27		~~-if ( !file_exists( $confFile ) ) {~~
28		~~- echo "Configuration file not found\n";~~
29		~~- echo "Copy conf.php.sample to conf.php, and change the settings to suit your installation.\n";~~
30		~~- exit( 1 );~~
31		-}
	27	+ $confFile = dirname( __FILE__ ) . '/conf.php';
	28	+ if ( !file_exists( $confFile ) ) {
	29	+ echo "Configuration file not found\n";
	30	+ echo "Copy conf.php.sample to conf.php, and change the settings to suit your installation.\n";
	31	+ exit( 1 );
	32	+ }
32	33
33		~~-$cvc = new ClassicVulnerabilityCheck( $options );~~
34		~~-$cvc->readConf( $confFile );~~
	34	+ $cvc = new ClassicVulnerabilityCheck( $options );
	35	+ $cvc->readConf( $confFile );
35	36
36		~~-array_shift( $argv );~~
37		~~-$good = true;~~
38		~~-foreach ( $argv as $file ) {~~
39		~~- $good = $good && $cvc->check( $file );~~
	37	+ array_shift( $argv );
	38	+ $good = true;
	39	+ foreach ( $argv as $file ) {
	40	+ $good = $good && $cvc->check( $file );
	41	+ }
	42	+
	43	+ exit( $good ? 0 : 1 );
40	44	}
41	45
42		~~-exit( $good ? 0 : 1 );~~
43		-
44	46	class ClassicVulnerabilityCheck {
45	47	/**
46	48	* Set this to the base URL where all the scripts to be tested are kept. It
—	—	@@ -63,7 +65,7 @@
64	66	*/
65	67	var $opcodes = false;
66	68
67		~~- function __construct( $options ) {~~
	69	+ function __construct( $options = array() ) {
68	70	foreach ( $options as $name => $value ) {
69	71	$this->$name = $value;
70	72	}
—	—	@@ -158,12 +160,28 @@
159	161
160	162	function getGlobalsFromFunction( $opArray ) {
161	163	$globals = array();
162		~~- foreach ( $opArray as $opLine ) {~~
	164	+ foreach ( $opArray as $i => $opLine ) {
	165	+ // Plain ZEND_FETCH_W
163	166	if ( $opLine['opcode_name'] == 'ZEND_FETCH_W'
164	167	&& $opLine['op1']['type_name'] == 'IS_CONST' )
165	168	{
166	169	$globals[$opLine['op1']['constant']] = true;
167	170	}
	171	+
	172	+ // $GLOBALS[...]
	173	+ if ( $opLine['opcode_name'] == 'ZEND_FETCH_R'
	174	+ && $opLine['op1']['type_name'] == 'IS_CONST'
	175	+ && $opLine['op1']['constant'] == 'GLOBALS'
	176	+ && $opLine['result']['type_name'] == 'IS_VAR'
	177	+ && isset( $opArray[$i+1] )
	178	+ && $opArray[$i+1]['opcode_name'] == 'ZEND_FETCH_DIM_R'
	179	+ && $opArray[$i+1]['op1']['type_name'] == 'IS_VAR'
	180	+ && $opLine['result']['var'] == $opArray[$i+1]['op1']['var']
	181	+ && $opArray[$i+1]['op2']['type_name'] == 'IS_CONST' )
	182	+ {
	183	+ $globals[$opArray[$i+1]['op2']['constant']] = true;
	184	+ }
	185	+
168	186	}
169	187	return $globals;
170	188	}

Status & tagging log

15:28, 12 September 2011 Meno25 (talk | contribs) changed the status of r36299 [removed: ok added: old]