From 30450594db0f727fc95a4150439e9950d32ca8fe Mon Sep 17 00:00:00 2001
From: Wilian Gabriel <wilian.silva@zup.com.br>
Date: Wed, 19 Jan 2022 13:35:20 -0300
Subject: [PATCH] php:chore - Add example2 of the php project (#12)

Adding another php example to get vulnerabilities using tool PHP_CodeSniffer

Signed-off-by: wilian <wilian.silva@zup.com.br>
---
 java/example2/src/main/resources/log4j2.xml   |  16 +++
 php/example2/basic-collection.php             |  30 +++++
 php/example2/cross-site-scripting-xss.php     |  24 ++++
 php/example2/sql-injection.php                |  31 +++++
 php/example2/sql-injection_2.php              |  30 +++++
 .../tool-examples/php-security-scanner.php    |  23 ++++
 .../tool-examples/phpcs-security-audit.php    | 127 ++++++++++++++++++
 php/example2/tool-examples/progpilot.php      |  19 +++
 8 files changed, 300 insertions(+)
 create mode 100644 php/example2/basic-collection.php
 create mode 100644 php/example2/cross-site-scripting-xss.php
 create mode 100644 php/example2/sql-injection.php
 create mode 100644 php/example2/sql-injection_2.php
 create mode 100644 php/example2/tool-examples/php-security-scanner.php
 create mode 100644 php/example2/tool-examples/phpcs-security-audit.php
 create mode 100644 php/example2/tool-examples/progpilot.php

diff --git a/java/example2/src/main/resources/log4j2.xml b/java/example2/src/main/resources/log4j2.xml
index 200e939..f333729 100644
--- a/java/example2/src/main/resources/log4j2.xml
+++ b/java/example2/src/main/resources/log4j2.xml
@@ -15,6 +15,22 @@
 -->
 
 <?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <Configuration>
     <Appenders>
         <Console name="Console" target="SYSTEM_OUT">
diff --git a/php/example2/basic-collection.php b/php/example2/basic-collection.php
new file mode 100644
index 0000000..48aa635
--- /dev/null
+++ b/php/example2/basic-collection.php
@@ -0,0 +1,30 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+// Cross-Site Scripting (XSS)
+$name = $_GET['name'];
+echo('Hello ' . $name);
+
+// SQL Injection
+$id = $_POST['id'];
+mysql_query("SELECT user FROM users WHERE id = " . $id);
+
+// Command Injection
+$cmd = $_COOKIE['cmd'];
+exec("cat /var/log/apache2/access.log | grep " . $cmd);
+
+// Deprecated Function
+$words = split(":", "split:this");
\ No newline at end of file
diff --git a/php/example2/cross-site-scripting-xss.php b/php/example2/cross-site-scripting-xss.php
new file mode 100644
index 0000000..ad2a807
--- /dev/null
+++ b/php/example2/cross-site-scripting-xss.php
@@ -0,0 +1,24 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+if (PHP_SAPI === 'cli') {
+    parse_str(implode('&', array_slice($argv, 1)), $_GET);
+}
+
+if (NULL == $_GET['name']) $_GET['name'] = "Guest! ";
+
+echo 'Hello, welcome ' . $_GET['name'];
+
diff --git a/php/example2/sql-injection.php b/php/example2/sql-injection.php
new file mode 100644
index 0000000..6b81026
--- /dev/null
+++ b/php/example2/sql-injection.php
@@ -0,0 +1,31 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+if (PHP_SAPI === 'cli') {
+    parse_str(implode('&', array_slice($argv, 1)), $_GET);
+}
+
+$file_db = new PDO('sqlite:../database/database.sqlite');
+
+if (NULL == $_GET['id']) $_GET['id'] = 1;
+
+$sql = 'SELECT * FROM employees WHERE employeeId = ' . $_GET['id'];
+
+foreach ($file_db->query($sql) as $row) {
+    $employee = $row['LastName'] . " - " . $row['Email'] . "\n";
+
+    echo $employee;
+}
diff --git a/php/example2/sql-injection_2.php b/php/example2/sql-injection_2.php
new file mode 100644
index 0000000..0076378
--- /dev/null
+++ b/php/example2/sql-injection_2.php
@@ -0,0 +1,30 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+if (PHP_SAPI === 'cli') {
+    parse_str(implode('&', array_slice($argv, 1)), $_GET);
+}
+
+$id = $_GET['id'] ?? 1;
+
+$file_db = new PDO('sqlite:../database/database.sqlite');
+
+foreach ($file_db->query('SELECT * FROM customers WHERE customerId = ' . $id) as $row) {
+    $customer = $row['LastName'] . " - " . $row['Email'] . "\n";
+
+    echo $customer;
+}
+
diff --git a/php/example2/tool-examples/php-security-scanner.php b/php/example2/tool-examples/php-security-scanner.php
new file mode 100644
index 0000000..1c5edf6
--- /dev/null
+++ b/php/example2/tool-examples/php-security-scanner.php
@@ -0,0 +1,23 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+function bar() {
+    foo($_GET['name']);
+}
+
+function foo($name) {
+    mysql_query("SELECT * FROM foo WHERE name = '$name'");
+}
\ No newline at end of file
diff --git a/php/example2/tool-examples/phpcs-security-audit.php b/php/example2/tool-examples/phpcs-security-audit.php
new file mode 100644
index 0000000..6f50bcf
--- /dev/null
+++ b/php/example2/tool-examples/phpcs-security-audit.php
@@ -0,0 +1,127 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/* Tests script for phpcs-security-audit */
+
+//eval($_GET['a']);
+echo "aaaa";
+echo "bbbb" . $_POST['b'];
+echo "b";
+db_query($_GET['a']);
+preg_replace("/.*/ei", 'aaaaaaa', 'bbbbb');
+preg_replace("/.*/ei", $_GET['a'], 'aaaaaaa');
+preg_replace($_GET['b'], $_GET['a'], $_GET['c']);
+preg_replace($b, $_GET['a'], 'aaaaaa');
+preg_replace("aaa", $_GET['a'], 'ababaaa');
+
+
+// BadFunctions
+md5();
+phpinfo();
+create_function($a);
+ftp_exec($a);
+fread($a);
+array_map($a);
+`$a`;
+`$_GET`;
+include($a);
+assert($a);
+assert($_GET);
+exec($a);
+exec($_GET);
+mysql_query($a);
+mysql_query($_GET);
+
+
+// Crypto
+mcrypt_encrypt();
+openssl_public_encrypt($i, $e, $k, OPENSSL_PKCS1_PADDING);
+
+// CVEs
+xml_parse_into_struct(xml_parser_create_ns(), str_repeat("<blah>", 1000), $a);
+quoted_printable_encode(str_repeat("\xf4", 1000));
+
+// Misc
+$a->withHeader('Access-Control-Allow-Origin', '*');
+include('abc.xyz');
+
+// Easy user input
+$_GET['a'] = 'xss';
+print("aaa" . $_GET['a']);
+echo($_GET['a']);
+echo $_GET['a'];
+echo "{$_GET['a']}";
+print "${_GET['a']}";
+echo a($_GET['b']);
+echo(allo(a($_GET['c'])));
+echo arg(1);
+die("" . $_GET['a']);
+exit("exit" . $_GET['a']);
+?>
+<?= $_GET['a'] ?>
+<?php
+
+// FilesystemFunctions
+file_create_filename(arg(1));
+symlink($a);
+delete($a);
+
+// Drupal 7 Dynamic queries SQLi
+$query = db_select('tname', "wn");
+$query->join('node', 'n', $a);
+$query->innerJoin('node', 'n', $a);
+$query->leftJoin('node', 'n', $a);
+$query->rightJoin('node', 'n', $a);
+$query->addExpression($a, 'w');
+$query->groupBy($a);
+
+$query->orderBy($a, $a);
+$query->range('safe', 'safe');
+
+$count = $query
+    ->fields("wn")
+    ->condition('email', '1', $_GET)
+    ->condition('email', '1')
+    ->where($a, array(":aaa" => '2'))
+    ->havingCondition('email', '', $a)
+    ->having($a, $args = array(":aaa" => '2'))
+    ->execute()
+    ->rowCount();
+echo $count;
+
+$query = db_update('tname')
+    ->expression($a, $a)
+    ->execute();
+
+$nid = db_insert('tname')
+    ->fields(array(
+        $a => 'safe',
+        $b => 'safe',
+        'c' => 'safe',
+
+    ))
+    ->values(array(
+        'safe' => 'safe',
+    ))
+    ->execute();
+
+$query = db_select('node', 'n');
+$myselect = db_select('mytable')
+    ->fields($_GET)
+    ->condition('myfield', 'myvalue');
+$alias = $query->join($myselect, 'myalias', 'n.nid = myalias.nid');
+
+
+?>
\ No newline at end of file
diff --git a/php/example2/tool-examples/progpilot.php b/php/example2/tool-examples/progpilot.php
new file mode 100644
index 0000000..8fe1d6c
--- /dev/null
+++ b/php/example2/tool-examples/progpilot.php
@@ -0,0 +1,19 @@
+<?php
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+$var7 = $_GET["p"];
+$var4 = $var7;
+echo "$var4";
\ No newline at end of file