Add request path param as a source of vulnerability values

eobruk · Feb 9, 2015 · 6cfc6bb · 6cfc6bb
1 parent 2028b15
commit 6cfc6bb
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/classes/App/Core/Request.php b/classes/App/Core/Request.php
@@ -111,6 +111,11 @@ public function cookieWrap($key = null, $default = null)
         return $this->getWrappedValueOrArray(FieldDescriptor::SOURCE_COOKIE, $key, $default);
     }
 
+    public function paramWrap($key = null, $default = null)
+    {
+        return $this->getWrappedValueOrArray(FieldDescriptor::SOURCE_PARAM, $key, $default);
+    }
+
     public function headerWrap($key = null, $default = null)
     {
         return $this->getWrappedValueOrArray(FieldDescriptor::SOURCE_HEADER, $key, $default);
@@ -195,6 +200,9 @@ public function getRawValue($source, $key = null, $default = null, $arr = null)
         } else if ($source == FieldDescriptor::SOURCE_HEADER) {
             $raw = $this->header($key, $default);
 
+        } else if ($source == FieldDescriptor::SOURCE_PARAM) {
+            $raw = $this->param($key, $default);
+
         } else {
             $raw = $default;
         }

diff --git a/modules/vulninjection/classes/VulnModule/Config/FieldDescriptor.php b/modules/vulninjection/classes/VulnModule/Config/FieldDescriptor.php
@@ -17,13 +17,15 @@ class FieldDescriptor
 {
     const SOURCE_ANY = 'any';
     const SOURCE_QUERY = 'query';
+    const SOURCE_PARAM = 'param';
     const SOURCE_BODY = 'body';
     const SOURCE_HEADER = 'header';
     const SOURCE_COOKIE = 'cookie';
 
     protected static $sources = [
         self::SOURCE_ANY,
         self::SOURCE_QUERY,
+        self::SOURCE_PARAM,
         self::SOURCE_BODY,
         self::SOURCE_HEADER,
         self::SOURCE_COOKIE,