Test for PHP Static Source Code Analyzers

"; /* true */ echo "HelloInt: ". (int)$_GET['xss_fp2'] . "
"; /* false */ echo "HelloStr: ". htmlentities($_GET['xss_fp3'], ENT_QUOTES, 'UTF-8') . "
"; /* true */ // !!! File Injection include ($_GET['file_tp1']); /* true */ if (file_exists($_GET['file_tp2'])) include ($_GET['file_tp2']); /* true */ $inc = $_GET['file_fp1']; if (file_exists($inc) && ereg("^[^./][^/]*$", $inc)) include ($inc); /* false */ // !!! Path Manipulation $fp = fopen($_GET['path_tp1'] . '.ext', 'rb'); /* true */ $content = file_get_contents($fp); echo $content; fclose($fp); $fp = fopen(escapeshellcmd($_GET['path_tp2']) . '.ext', 'rb'); /* true */ $content = file_get_contents($fp); echo $content; fclose($fp); $name = escapeshellcmd($_GET['path_fp1']); if (ereg("^[^./][^/]*$", $name)) { $fp = fopen($name . '.ext', 'rb'); /* false */ $content = file_get_contents($fp); echo $content; fclose($fp); } // !!! OS Command Injection system($_GET['cmd_tp1']); /* true */ system(htmlentities($_GET['cmd_tp2'])); /* true */ system(escapeshellcmd($_GET['cmd_fp1'])); /* false */ ?>