mirror of
https://github.com/macintoshplus/doc-fr.git
synced 2026-03-24 08:52:09 +01:00
87 lines
2.3 KiB
XML
87 lines
2.3 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- $Revision$ -->
|
|
<!-- EN-Revision: cfe2c34143ab17e522b1594ae0902b7245f072d5 Maintainer: yannick Status: ready -->
|
|
<!-- Reviewed: no -->
|
|
|
|
<book xml:id="book.taint" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
<?phpdoc extension-membership="pecl" ?>
|
|
<title>Taint</title>
|
|
<titleabbrev>Taint</titleabbrev>
|
|
|
|
<preface xml:id="intro.taint">
|
|
&reftitle.intro;
|
|
<para>
|
|
Taint est une extension dont le but est de détecter les codes XSS (chaîne
|
|
de caractères corrompue).
|
|
Cette extension peut être utilisée pour mettre en lumière certaines
|
|
vulnérabilités concernant des injections sql, des injections shell, etc.
|
|
</para>
|
|
<para>
|
|
Lorsque taint est actif, si vous passez une chaîne corrompue (provenant de <varname>$_GET</varname>,
|
|
<varname>$_POST</varname> ou <varname>$_COOKIE</varname>) à des fonctions, taint vous en alertera.
|
|
</para>
|
|
<example>
|
|
<title>Exemple avec <function>Taint</function></title>
|
|
<programlisting role="php">
|
|
<![CDATA[
|
|
<?php
|
|
$a = trim($_GET['a']);
|
|
|
|
$file_name = '/tmp' . $a;
|
|
$output = "Welcome, {$a} !!!";
|
|
$var = "output";
|
|
$sql = "Select * from " . $a;
|
|
$sql .= "ooxx";
|
|
|
|
echo $output;
|
|
|
|
print $$var;
|
|
|
|
include $file_name;
|
|
|
|
mysql_query($sql);
|
|
?>
|
|
]]>
|
|
</programlisting>
|
|
&example.outputs.similar;
|
|
<screen>
|
|
<![CDATA[
|
|
Warning: main() [function.echo]: Attempt to echo a string that might be tainted
|
|
|
|
Warning: main() [function.echo]: Attempt to print a string that might be tainted
|
|
|
|
Warning: include() [function.include]: File path contains data that might be tainted
|
|
|
|
Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
|
|
]]>
|
|
</screen>
|
|
</example>
|
|
</preface>
|
|
|
|
&reference.taint.setup;
|
|
&reference.taint.detail;
|
|
&reference.taint.reference;
|
|
|
|
</book>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
-->
|