| -rw-r--r-- | queries/php/injections.scm | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/queries/php/injections.scm b/queries/php/injections.scm
index c90e2f937..603aa8b01 100644
--- a/queries/php/injections.scm
+++ b/queries/php/injections.scm
@@ -1,3 +1,14 @@
 (text) @html
 (comment) @phpdoc
+
+;; bash
+
+((function_call_expression
+ function: (_) @_shell_func_identifier
+ arguments: (arguments . (argument (_ (string_value) @bash))))
+ (#any-of? @_shell_func_identifier "shell_exec" "escapeshellarg"
+ "escapeshellcmd" "exec" "passthru" "proc_open" "shell_exec" "system"))
+
+((expression_statement (shell_command_expression (string_value) @bash)))
+
|
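Review bot: The `#any-of?` list in the new function-call pattern mixes command-execution functions with the escaping helpers `escapeshellarg` and `escapeshellcmd`, and it names `shell_exec` twice. The first argument of `escapeshellarg` is a single value to be quoted, not shell syntax, so injecting bash there highlights data as if it were a command and blurs the distinction a reader auditing for command injection relies on. I would keep only the functions that hand their first argument to a shell and drop the duplicate: `(#any-of? @_shell_func_identifier "exec" "passthru" "proc_open" "shell_exec" "system"))`. `popen` looks like a candidate for the same list. A short comment above the pattern stating that only the first argument is injected (the `.` anchor) would also help, e.g. `;; first argument of shell-executing functions is parsed as bash`.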
