Add the new PHP language generator #16
Conversation
zeroSteiner
force-pushed
the
feat/lang/php
branch
from
afe6606 to
d5a8df2
Compare
zeroSteiner
force-pushed
the
feat/lang/php
branch
from
d5a8df2 to
5d1cfa0
Compare
|
We could probably add some tests in the future; but looks like things are working now 📈 |
| ) | ||
|
|
||
| PHPOpts = DefaultOpts.merge( | ||
| prefix: '$', |
There was a problem hiding this comment.
I have a feeling we might need to come back to this pattern again in the future; as I imagine we'd want to use the same rig for classnames as well as variables, and it wouldn't be possible to use this current approach for that
i.e.
<<~EOF
class #{rig['class']} {
public function __wake() {
$#{rig['payload']} = '...';
}
}
EOF
Also in some scenarios we might want to have the identifier without the $ prefix, such as when accessing params in PHP - such as $_GET['#{rig['injection_param']}']; etc
There was a problem hiding this comment.
Well if the $ acts as a namespace, then maybe the language should have been named php-vars or something so we could add php-class because you could have a class named Foobar and a variable named $Foobar with separate values right? So it doesn't necessarily make sense to track them together here. For code readability it'd make sense to not reuse the identifiers, but obfuscation is part of the point here, so all the better if names are reused but still valid.
2 participants
Add a new language definition for PHP which will be needed by a Metasploit PR shortly. There doesn't appear to be any keywords that are invalid variable names for PHP, presumably because variables are defined with a
$prefix. This also adds a prefix definition which is different from the first character to suit PHP's need for variables to start with$and be followed by a letter or underscore where as subsequent characters can include numbers.