progpilot icon indicating copy to clipboard operation
progpilot copied to clipboard

Published 20 hours ago verified publisher icon designsecurity

ProgPilot is unable to deal with ternary operator

Open Mister-Stein opened this issue 2 years ago • 3 comments

Progpilot built from source, includes all recent commits and in default configuration. PHP 8.2.1

I see that ProgPilot don't know how to deal with ternary operator. It's syntax: (Conditional statement) ? (Statement_1) : (Statement_2); Simplified example code, no result after analysis:

<?php
global $wpdb;
$tainted = isset($_POST['order_by']) ? $_POST['order_by'] : 'post_date';
$wpdb->get_row($tainted);

And there's exists it's shorthand variant, so called "Elvis" operator. It's syntax: expression1 ?: expression2 Another example, with no results too:

<?php
global $wpdb;
$tainted = isset($_POST['order_by']) ?: 'post_date';
$wpdb->get_row($tainted);

The ternary operator is pretty common these days, I often see it in WordPress plugins. Although, it's shorthand variant I haven't seen in real code yet. Description about it in PHP Doc How do we go about it? Is it possible to make ProgPilot be able to deal with ternary operator?

Mister-Stein avatar Feb 23 '23 14:02 Mister-Stein