From 82767f3f33c903e92f059dc9a2b27ec38dcc28d7 Mon Sep 17 00:00:00 2001
From: gbprod <contact@gb-prod.fr>
Date: Thu, 6 Oct 2022 16:29:27 +0200
Subject: feat(php): add queries for bash injections

This commit allows to inject bash syntax into relevant function arguments
and shell expression.
---
 queries/php/injections.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'queries/php')

diff --git a/queries/php/injections.scm b/queries/php/injections.scm
index c90e2f937..603aa8b01 100644
--- a/queries/php/injections.scm
+++ b/queries/php/injections.scm
@@ -1,3 +1,14 @@
 (text) @html
 
 (comment) @phpdoc
+
+;; bash
+
+((function_call_expression
+  function: (_) @_shell_func_identifier
+  arguments: (arguments . (argument (_ (string_value) @bash))))
+  (#any-of? @_shell_func_identifier "shell_exec" "escapeshellarg" 
+   "escapeshellcmd" "exec" "passthru" "proc_open" "shell_exec" "system"))
+
+((expression_statement (shell_command_expression (string_value) @bash)))
+
-- 
cgit v1.2.3-70-g09d2