Adding a new rule for Php Analyzer: OS command injection problem


SabrinaS

Jun 15, 2017, 10:14:08 AM6/15/17
to SonarQube
Hi :)
For personal use, I needed to check that the developer doesn't execute OS commands in Php code in order to prevent OS command injection vulnerabilities.
Since it doesn't exist, I developed this custom rule. Now, it detects the use of risky functions such as:
  • shell_exec()
  • exec()
  • system()
  • proc_open()
  • popen()
  • passthru()
and proposes not to use them, or at least to follow those steps if needed:
  • Escaping any user input using escapeshellarg().
  • Using an absolute path to the executable you call and comparing it to a list of allowed paths.
  • Sandboxing the command
  • Running the command with limited privileges
I was wondering if this rule may interest other people and thus be added to the Php plugin.
Best regards
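As an added illustration (not code from the thread or from the sonar-php project), the following PHP wrapper shows what the post's mitigation steps look like in practice: the executable is compared against an allowlist of absolute paths, every user-supplied argument is escaped with escapeshellarg(), and the process is started through proc_open() so the caller gets the exit code and both output streams. The helper name runAllowedCommand(), the allowlist entries and the sample input are assumptions made for this example.

```php
<?php
// Added example, not part of the original post. The allowlist entries,
// the helper name and the sample input below are constructed for illustration.

declare(strict_types=1);

// Step 2 of the post: absolute paths to the only executables this code may run.
const ALLOWED_EXECUTABLES = [
    '/usr/bin/pdftotext',
    '/usr/bin/file',
];

/**
 * Run one allowlisted executable with untrusted argument values.
 *
 * @param string   $executable absolute path, must be in ALLOWED_EXECUTABLES
 * @param string[] $args       untrusted values, one array element per argument
 * @return array{exitCode:int, stdout:string, stderr:string}
 */
function runAllowedCommand(string $executable, array $args): array
{
    // Step 2: realpath() resolves symlinks and "../" so the allowlist is
    // compared against the canonical path, not the caller's spelling of it.
    $resolved = realpath($executable);
    if ($resolved === false || !in_array($resolved, ALLOWED_EXECUTABLES, true)) {
        throw new InvalidArgumentException('Executable is not on the allowlist');
    }

    // Step 1: escape each argument on its own. escapeshellarg() single-quotes
    // the value, so shell metacharacters (; | & $( ) backticks) stay literal
    // and a value cannot become a second command or an extra option.
    $escapedArgs = array_map('escapeshellarg', $args);
    $command = escapeshellarg($resolved) . ' ' . implode(' ', $escapedArgs);

    // proc_open() instead of shell_exec(): stdout and stderr are captured
    // separately and the exit code is returned to the caller. A minimal
    // environment keeps PATH and other inherited variables out of the child.
    $descriptors = [
        0 => ['pipe', 'r'],
        1 => ['pipe', 'w'],
        2 => ['pipe', 'w'],
    ];
    $process = proc_open($command, $descriptors, $pipes, null, ['PATH' => '/usr/bin']);
    if (!is_resource($process)) {
        throw new RuntimeException('Failed to start process');
    }
    fclose($pipes[0]);
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exitCode = proc_close($process);

    return ['exitCode' => $exitCode, 'stdout' => $stdout, 'stderr' => $stderr];
}

// Constructed untrusted input standing in for a request parameter. The
// embedded "; id" is the kind of payload the rule exists to guard against.
$untrustedName = 'report.pdf; id';

// Before: the pattern the rule flags. The value is concatenated into a shell
// string, so the "; id" part would run as a separate command.
//   $out = shell_exec('file ' . $untrustedName);

// After: the same operation through the wrapper. The whole string is passed
// as one quoted argument, so "file" just reports that no such file exists.
$result = runAllowedCommand('/usr/bin/file', [$untrustedName]);
printf("exit=%d\nstdout=%s\nstderr=%s\n", $result['exitCode'], $result['stdout'], $result['stderr']);
```

The post's last two steps (sandboxing and limited privileges) are not something the PHP code can enforce by itself; they belong to the deployment, for example running the PHP worker under a dedicated unprivileged account or confining the child process with the platform's sandboxing facilities. A further option on PHP 7.4 and later is to pass the command to proc_open() as an array rather than a string, which starts the executable without a shell at all and removes the need for escaping.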

carlo.bo...@sonarsource.com

Jun 22, 2017, 9:19:53 AM6/22/17
to SonarQube, sabrine...@gmail.com
Hello SabrinaS,

if you create a pull request on https://github.com/SonarSource/sonar-php I'll have a look at it with pleasure.

Cheers,

Carlo