This PR includes a review of all PHP patterns. All patterns were manually looked at, php code was executed and spelling mistakes corrected. Additionally, the tpframework was used to run checkdiscoveryrules (to verify that the discovery rule works) and measure.
The following things should now be uniform across all patterns now:
Each pattern:
has a description located in ./docs/description.md
has a uniform README file, including the measurements done in 06/2021, 05/2023 and the results of checkdiscoveryrules
Each instance:
has an instance description
has a correct source and sink line (as comment in the php file and in the json file)
has a bash file containing the opcode of that pattern
Most instances:
are structured in the form source -> tarpit -> sink (for some patterns, this is not possible, if so, it should be indicated by injection_skeleton_broken: true )
have a working discovery rule (Some instances cannot be discovered using opcode, or the cpg generation fails)
Exceptions - could profit from source code discovery (?): Pattern 5, 40, 55, 47, 48, 80 (#43 )
Patterns 6 (#36), 45 (#37), 47 (#35), 75 (#38) and 83 (#39) are not included in this PR, as they have larger changes. The PR including these patterns can be found #41
This PR includes a review of all PHP patterns. All patterns were manually looked at, php code was executed and spelling mistakes corrected. Additionally, the tpframework was used to run
checkdiscoveryrules(to verify that the discovery rule works) andmeasure. The following things should now be uniform across all patterns now:./docs/description.mdcheckdiscoveryrulessource->tarpit->sink(for some patterns, this is not possible, if so, it should be indicated byinjection_skeleton_broken: true)Patterns 6 (#36), 45 (#37), 47 (#35), 75 (#38) and 83 (#39) are not included in this PR, as they have larger changes. The PR including these patterns can be found #41