authorIvan2023-03-10 22:56:18 +0000
committerGitHub2023-03-10 22:56:18 +0000
commit39073581032a015e5091497530a1b357854b4e99 (patch)
tree1c7d77e23f8018eae6bca264171c784734890f61 /runtime
parent1661e4b5e1d8ebfef28f798fcb86ba2656373ba0 (diff)
queries/php: add injections for regex and sql injection (#6250)
Diffstat (limited to 'runtime')
-rw-r--r--runtime/queries/php/injections.scm19
1 files changed, 19 insertions, 0 deletions
diff --git a/runtime/queries/php/injections.scm b/runtime/queries/php/injections.scm
index 614a3850..8d1b9740 100644
--- a/runtime/queries/php/injections.scm
+++ b/runtime/queries/php/injections.scm
@@ -4,3 +4,22 @@
((comment) @injection.content
(#set! injection.language "comment"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^preg_")
+ (#set! injection.language "regex"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments (_) (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^mysqli_")
+ (#set! injection.language "sql"))
+
+((member_call_expression
+ object: (_)
+ name: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^(prepare|query)$")
+ (#set! injection.language "sql"))
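Review bot: The `mysqli_` pattern has no `.` anchors inside `(arguments (_) (argument …))`, so as far as I can tell it can capture any string argument that follows some earlier argument, not only the second one, and `^mysqli_` also covers functions whose string arguments are not SQL, such as `mysqli_real_escape_string` or `mysqli_select_db`. I would anchor it as `arguments: (arguments . (_) . (argument (_ (string_value) @injection.content)))` and narrow the predicate to `(#match? @_function "^mysqli_(query|real_query|multi_query|prepare)$")`. The same over-matching applies to `^preg_`, which includes `preg_quote` (its first argument is a literal string, not a pattern), and to the `prepare|query` method match, which fires on any object, for example `DOMXPath::query`. A short comment above each pattern stating which argument position is assumed to hold the embedded language would make later edits safer.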