Merge pull request #92 from wufeifei/develop

improves rules
FeeiCN · Sep 10, 2016 · 8ae911c · 8ae911c
2 parents ee4795c + 8193bec
commit 8ae911c
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/engine/parse.py b/engine/parse.py
@@ -148,9 +148,9 @@ def get_code(self, line_rule):
     def is_controllable_param(self):
         logging.info('---------------------- [2]. Param is controllable --------------------------------------')
         param_name = re.findall(self.rule, self.code)
-        param_name = param_name[0].strip()
-        self.param_name = param_name
         if len(param_name) == 1:
+            param_name = param_name[0].strip()
+            self.param_name = param_name
             logging.info('P: {0}'.format(param_name))
             # controllable param
             # exclude class const (maybe misuse)
@@ -214,6 +214,7 @@ def is_controllable_param(self):
                     if len(c_rule_result) >= 1:
                         logging.info("R: True (New rule: controllable param: {0}, {1})".format(param_name, c_rule['example']))
                         return True
+                logging.info("R: True")
                 return True
             else:
                 logging.info("R: False (Not contained $)")
@@ -245,7 +246,7 @@ def is_repair(self, repair_rule, block_repair):
     try:
         parse = Parse('curl_setopt\s?\(.*,\s?CURLOPT_URL\s?,(.*)\)', '/Volumes/Statics/Project/Company/mogujie/appbeta/classes/crond/trade/chenxitest.php', '60', "curl_setopt($curl, CURLOPT_URL, $file); #output")
         if parse.is_controllable_param():
-            parse.is_repair(r'fff', 2)
+            parse.is_repair(r'$url', 2)
         else:
             print("UC")
     except Exception as e: