Illegal offset type #3

Closed
eapunk opened this issue Jul 4, 2018 · 7 comments

eapunk commented Jul 4, 2018

I got an 'Illegal offset type' error on a fresh installation via composer.
It is not just a notice. Class method analysis failed.
nikic/php-parser v4.0.2 35b8caf75e791ba1b2d24fec1552168d72692b12
php v7.0
Solved by type casting to string

diff --git a/package/src/progpilot/Transformations/Php/Transform.php 
-        $this->context->get_functions()->add_function($myfunction->get_name(), $myfunction);
+        $this->context->get_functions()->add_function((string)$myfunction->get_name(), $myfunction);
-        $myfunction = $this->context->get_functions()->get_function($func->name, $class_name);
+        $myfunction = $this->context->get_functions()->get_function((string)$func->name, $class_name);
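
Review bot: the `(string)` casts are applied at the two call sites (`add_function(...)` and `get_function(...)`) rather than where the name is produced, so any other caller that passes `get_name()` or `$func->name` as a key stays unprotected. Consider converting the name to a string once, either when it is set on `$myfunction` or inside `add_function`/`get_function`, and rejecting a value that cannot be converted; `(string)$func->name` only works while that value is string-convertible. The posted diff also has no `+++` file header or `@@` hunk headers, so it would need to be regenerated before it can be applied.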
@eric-therond
Collaborator

Hello @eapunk
Thank you for your issue and the fix. I will look as soon as possible. Could you share the analyzed PHP input files that produce this error?

Eric

@eapunk
Author

eapunk commented Jul 4, 2018

Here is an example

<?php
class SomeClass
{
    function method1()
    {
        $link = mysqli_connect("localhost", "my_user", "my_password", "world");
        $query = "update linked_docs set deleted=1 where id='" . $_POST['signed_id'] . "'";
        mysqli_query($link, $query);
    }
}

It gives

PHP Warning:  Illegal offset type in isset or empty in .../vendor/designsecurity/progpilot/package/src/progpilot/Dataflow/Functions.php on line 59
PHP Warning:  Illegal offset type in .../vendor/designsecurity/progpilot/package/src/progpilot/Dataflow/Functions.php on line 67
PHP Warning:  Illegal offset type in isset or empty in .../vendor/designsecurity/progpilot/package/src/progpilot/Dataflow/Functions.php on line 22

and no results found.

@eric-therond
Collaborator

I am not able to reproduce the bug for the moment.
I have tried two configurations:

PHP 7.0.30 (cli) (built: Jun 28 2018 02:38:07) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

and

PHP 7.2.5 (cli) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

and the result is OK:

php builds/progpilot_dev20180513-195151.phar ../../../scripts/test.php 
[
    {
        "source_name": [
            "$query"
        ],
        "source_line": [
            7
        ],
        "source_column": [
            141
        ],
        "source_file": [
            "..\/..\/..\/scripts\/test.php"
        ],
        "sink_name": "mysqli_query",
        "sink_line": 8,
        "sink_column": 233,
        "sink_file": "..\/..\/..\/scripts\/test.php",
        "vuln_name": "sql_injection",
        "vuln_cwe": "CWE_89",
        "vuln_id": "019489a9194e70f461cdf96fab1711dce0a1ccfa26e57e94b6c7220ba1fc448e",
        "vuln_type": "taint-style"
    }
]

What is your exact environment, and what is your script or command line to run progpilot?
Thank you for your help.

Eric

@eapunk
Author

eapunk commented Jul 5, 2018

I am following Library installation from README.md. And it gives that error.
When I copy composer.lock from progpilot_v0.3.0.phar, it works fine.
composer update will break it again.
The difference in nikic/php-parser from progpilot_v0.3.0.phar and updated installation is in major version: v3.1.5 vs v4.0.2. Maybe here's the thing.
Anyway, I can solve my problem without modifying progpilot by fixing versions as in progpilot_v0.3.0.phar.

PHP 7.0.30-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.30-0ubuntu0.16.04.1, Copyright (c) 1999-2017, by Zend Technologies

@eric-therond
Collaborator

Hello @eapunk
Thank you, the bug has been reproduced on my side.
It's OK for me if you can submit a pull request that will fix the bug.

Eric

@eric-therond
Collaborator

There was indeed a big update to nikic/PHP-Parser; the structure of the nodes has changed.
So a cast to string is not sufficient; we could use the toString() method:

$func->name->toString();

but a lot of other subnodes are affected:
https://github.com/nikic/PHP-Parser/blob/master/UPGRADE-4.0.md

I will look in detail.

Eric
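
As an added example (not code from progpilot, PHP-Parser, or either participant in this thread), the code below shows the normalization discussed in the comment above: a function table that accepts either a plain string or a node exposing toString() as its key, and throws for anything else instead of emitting a warning and continuing with no results. `NameNode` and `FunctionTable` are hypothetical stand-ins for the parser node and the analyzer's function store.

```php
<?php
// Added example: stand-ins only, not progpilot or PHP-Parser code.

// Hypothetical stand-in for a parser name node that exposes toString().
final class NameNode
{
    private $name;
    public function __construct(string $name) { $this->name = $name; }
    public function toString(): string { return $this->name; }
}

// Hypothetical function table keyed by function name.
final class FunctionTable
{
    private $byName = [];

    // Accept a plain string (older node shape) or a name node (newer shape).
    // Anything else is rejected, so a changed dependency fails loudly
    // instead of producing "Illegal offset type" and an empty report.
    private static function key($name): string
    {
        if (is_string($name)) {
            return $name;
        }
        if (is_object($name) && method_exists($name, 'toString')) {
            return $name->toString();
        }
        throw new InvalidArgumentException(
            'function name must be a string or a name node, got ' . gettype($name)
        );
    }

    public function add($name, $fn) { $this->byName[self::key($name)] = $fn; }
    public function get($name) { return $this->byName[self::key($name)] ?? null; }
}

$table = new FunctionTable();
$table->add(new NameNode('method1'), 'definition of method1'); // newer node shape
var_dump($table->get('method1') !== null);                     // lookup by plain string

try {
    $table->get(['method1']);                                   // neither shape: rejected
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```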

@eric-therond
Collaborator

It's fixed in the last version of ircmaxell/php-cfg
