```php
<?php

function random($val){
    $b=$_GET['maple'];
    $c=$b[0];
    mysql_query($c);
}
```
Traceback and error:
```
[DEBUG] [MainThread] [18:13:28] [engine.py:801] [RULE_MATCH] ['mysql_query', 'mysql_db_query']
[DEBUG] [MainThread] [18:13:28] [parser.py:1316] [AST] vul_function:mysql_query
[DEBUG] [MainThread] [18:13:28] [parser.py:1123] [AST] AST to find param Variable('$c')
[DEBUG] [MainThread] [18:13:28] [parser.py:598] [BT] param=Variable('$c'),nodes=[Function('random', [FormalParameter('$val', None, False, None)], [Assignment(Variable('$b'), ArrayOffset(Variable('$_GET'), 'maple'), False), Assignment(Variable('$c'), ArrayOffset(Variable('$b'), 0), False), FunctionCall('mysql_query', [Parameter(Variable('$c'), False)])], False)],function_params=None, lineno=6,function_flag=0,vul_function=mysql_query,file_path=/root/cobra/tests/vulnerabilities/sql.php,isback=False,parent_node=0
[DEBUG] [MainThread] [18:13:28] [parser.py:793] [AST] param $c line 6 in function random line 3, start ast in function
[DEBUG] [MainThread] [18:13:28] [parser.py:598] [BT] param=Variable('$c'),nodes=[Assignment(Variable('$b'), ArrayOffset(Variable('$_GET'), 'maple'), False), Assignment(Variable('$c'), ArrayOffset(Variable('$b'), 0), False)],function_params=[FormalParameter('$val', None, False, None)], lineno=3,function_flag=1,vul_function=mysql_query,file_path=/root/cobra/tests/vulnerabilities/sql.php,isback=False,parent_node=None
[DEBUG] [MainThread] [18:13:28] [parser.py:641] [AST] Find $c=$b in line 5, start ast for param $b
[DEBUG] [MainThread] [18:13:28] [parser.py:598] [BT] param=ArrayOffset(Variable('$b'), 0),nodes=[Assignment(Variable('$b'), ArrayOffset(Variable('$_GET'), 'maple'), False)],function_params=[FormalParameter('$val', None, False, None)], lineno=3,function_flag=1,vul_function=mysql_query,file_path=/root/cobra/tests/vulnerabilities/sql.php,isback=False,parent_node=0
[DEBUG] [MainThread] [18:13:28] [parser.py:615] [AST] AST analysis for ArrayOffset in line 5
[DEBUG] [MainThread] [18:13:28] [parser.py:1169] Traceback (most recent call last):
  File "/root/Cobra-W/cobra/core_engine/php/parser.py", line 1155, in anlysis_function
    file_path=file_path)
  File "/root/Cobra-W/cobra/core_engine/php/parser.py", line 1322, in analysis_variable_node
    is_co, cp, expr_lineno, chain = anlysis_params(param, file_path, param_lineno, vul_function=vul_function)
  File "/root/Cobra-W/cobra/core_engine/php/parser.py", line 1133, in anlysis_params
    vul_function=vul_function)
  File "/root/Cobra-W/cobra/core_engine/php/parser.py", line 967, in deep_parameters_back
    file_path=file_path, isback=isback, parent_node=0)
  File "/root/Cobra-W/cobra/core_engine/php/parser.py", line 812, in parameters_back
    if node_param.name == cp.name:
AttributeError: 'ArrayOffset' object has no attribute 'name'
[DEBUG] [MainThread] [18:13:28] [engine.py:809] [AST] [RET] []
```
https://github.com/LoRexxar/Cobra-W/blob/master/cobra/core_engine/php/parser.py#L448
Some logic is probably missing here.
7e160d0
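The traceback in this report ends at `node_param.name == cp.name`, where the node being compared is an `ArrayOffset` and has no `name`. The following is an added example, not Cobra-W's code and not the fix in the commit above: it shows one way a backward trace can unwrap array offsets to the base variable before comparing. The node classes are minimal stand-ins named after the nodes in the debug log, and `base_name`, `trace_to_source` and `SOURCES` are hypothetical names.

```python
from dataclasses import dataclass

# Stand-ins for the AST node types named in the debug log (assumption:
# only the fields this demo needs, not the real parser classes).
@dataclass
class Variable:
    name: str

@dataclass
class ArrayOffset:
    node: object   # the array being indexed (Variable or nested ArrayOffset)
    expr: object   # the index expression

@dataclass
class Assignment:
    node: object   # left-hand side
    expr: object   # right-hand side

SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}

def base_name(node):
    """Unwrap nested ArrayOffset nodes down to the underlying variable name."""
    while isinstance(node, ArrayOffset):
        node = node.node
    return node.name if isinstance(node, Variable) else None

def trace_to_source(param, nodes):
    """Walk assignments backwards from param. Return the chain of variable
    names ending in a user-controlled source, or [] if none is reached."""
    current = base_name(param)
    chain = [current]
    for stmt in reversed(nodes):
        if current in SOURCES:
            break
        if isinstance(stmt, Assignment) and base_name(stmt.node) == current:
            current = base_name(stmt.expr)
            if current is None:   # literal or unsupported expression
                return []
            chain.append(current)
    return chain if current in SOURCES else []

# Constructed input: the two assignments in random() from the report.
BODY = [
    Assignment(Variable("$b"), ArrayOffset(Variable("$_GET"), "maple")),
    Assignment(Variable("$c"), ArrayOffset(Variable("$b"), 0)),
]
```

The trace is element-insensitive: `$b[0]` is treated as tainted whenever `$b` is, which over-approximates but does not miss the flow into `mysql_query($c)`.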