Test for PHP Static Source Code Analyzers

";
/**
 * PHP-SAT check (Optimization)
 * Pattern ID : O001
 * Description: Echo with concat
 */
/* true */
// The (int) cast leaves only digits in the echoed value, so this concat-echo is
// not an XSS sink. The `/* true */` / `/* false */` markers presumably record the
// expected analyzer verdict for pattern O001 — confirm against the PHP-SAT
// expectations for this fixture.
echo "HelloInt: " . (int)$_GET['xss_fp2'] . "
";
/**
 * PHP-SAT check (Optimization)
 * Pattern ID : O001
 * Description: Echo with concat
 */
/* false */
// htmlentities() with ENT_QUOTES and an explicit UTF-8 charset is the
// HTML-context escape, so the request value reaches the echo sanitised.
echo "HelloStr: " . htmlentities($_GET['xss_fp3'], ENT_QUOTES, 'UTF-8') . "
";
/**
 * PHP-SAT check (Malicious Code CodeVulnerability)
 * Pattern ID : MCV000
 * Description: One of the parameters does not meet his precondition.
 */
// Deliberately vulnerable fixtures for the analyzer under test. The `_tp*`
// identifiers presumably mark flows the analyzer is expected to report (true
// positives) and `_fp*` flows it must NOT report (sanitised, false positives)
// — confirm against the PHP-SAT expectations. The code below is the test
// input itself and is kept byte-for-byte; only comments are added.

// File-inclusion sink fed directly from a request parameter, no check at all.
include $_GET['file_tp1'];
// file_exists() only tests presence; it does not constrain the path, so the
// included file is still chosen by the request.
if (file_exists($_GET['file_tp2'])) include $_GET['file_tp2'];
// The regex rejects a leading '.' and any '/', which restricts the include to a
// bare filename in the current directory — this is the "sanitised" variant.
// ereg() was removed in PHP 7.0, so this fixture only executes on PHP 5.
$inc = $_GET['file_fp1'];
if (file_exists($inc) && ereg("^[^./][^/]*$", $inc)) include $inc;
// fopen() path built from a raw request value (with a fixed '.ext' suffix
// appended); the file contents are then echoed back.
// NOTE(review): file_get_contents() takes a filename string, not the resource
// returned by fopen(); the line presumably exists only as a data-flow sink for
// the analyzer (fread()/stream_get_contents() would be the working call). The
// same applies to the two copies further down.
$fp = fopen($_GET['path_tp1'] . '.ext', 'rb');
$content = file_get_contents($fp);
echo $content;
fclose($fp);
// escapeshellcmd() escapes shell metacharacters for a command string; it is not
// a filesystem-path sanitiser, so the path here is still request-controlled.
$fp = fopen(escapeshellcmd($_GET['path_tp2']) . '.ext', 'rb');
$content = file_get_contents($fp);
echo $content;
fclose($fp);
// Same regex guard as file_fp1: no '/' and no leading '.', so only a bare
// filename in the current directory can be opened.
$name = escapeshellcmd($_GET['path_fp1']);
if (ereg("^[^./][^/]*$", $name)) {
    $fp = fopen($name . '.ext', 'rb');
    $content = file_get_contents($fp);
    echo $content;
    fclose($fp);
}
// Command-execution sink with an unmodified request value.
system($_GET['cmd_tp1']);
// htmlentities() is an HTML-context escape, not a shell escape; the command
// string is still request-controlled.
system(htmlentities($_GET['cmd_tp2']));
// escapeshellcmd() is the shell-context escape, so the fixture treats this flow
// as sanitised; whether that is sufficient for a given command shape is a
// judgement the analyzer's expectations encode, not this file.
system(escapeshellcmd($_GET['cmd_fp1']));
?>