phpgrep icon indicating copy to clipboard operation
phpgrep copied to clipboard
verified publisher icon quasilyte

How to match backticks `...` or eval()

Open tmuras opened this issue 6 years ago • 5 comments

How to match ls -al fragment in code like: $output = ls -al;

tmuras avatar Sep 25 '19 09:09 tmuras

Related to this - is there a way to match PHP language constructs?

For the source code like:

<?php
eval("echo 123");

This will not return any match:

phpgrep eval_test.php 'eval(${"*"})'

tmuras avatar Nov 12 '19 10:11 tmuras

I'll take a look today. If it doesn't match eval, it's probably easy to fix.

Backticks, on the other hand, need more thoughts. We can introduce ${"exec"} pseudo-node in addition to ${"str"}, so you can match exec with any content.

Right now you can use matcher var filter:

phpgrep hello.php '${"x:expr"}' 'x~^`.*`$'
hello.php:2: `ls .`
hello.php:3: `echo 123`

We match all expressions then check that they start with ` and end with a same character.

hello.php:

<?php
$v = `ls .`;
`echo 123`;
echo 123;

quasilyte avatar Nov 12 '19 11:11 quasilyte

That actually works for me just fine - thanks for the hint!

tmuras avatar Nov 12 '19 15:11 tmuras

I also noticed that your initial question was asked on the 25th of September. For some reason, I haven't noticed it until the recent update. Sorry for the late response.

I think eval is properly handled now, there is even a test case for it. :)

$ phpgrep hello.php 'eval($x)'
hello.php:3: eval('123')
hello.php:5: eval('$x = 1')
$ cat hello.php 
<?php

eval('123');
function f() {
  eval('$x = 1');
}

quasilyte avatar Nov 12 '19 19:11 quasilyte

Oh, ${"*"} is not handled properly inside of eval, now I see it. Try using eval($_) or eval($x), since it only accepts at most argument.

quasilyte avatar Nov 12 '19 19:11 quasilyte