@andresriancho
Collaborator

I found a lost ticket in my issue tracker related to SCA and decided to give it a try. It's something with very low priority for me, but at least I wanted to close this.

When I saw https://github.com/wvdongen/SCA/ I was completely lost, so I added a readme and requirements.

No idea about the last state of this project, but the following fail:

  • All samate tests
  • test_samevar
  • test_overwrite_user_var

Test run from README.md (note that I'm ignoring the samate tests)

nosetests core/tests/ --ignore-files=.*samate.*
......................E............F........
======================================================================
ERROR: test_overwrite_user_var (core.tests.test_taint_propagation.TestTaintPropagation)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/pablo/pch/SCA/core/tests/test_taint_propagation.py", line 205, in test_overwrite_user_var
    vulns = PhpSCA(code).get_vulns()
  File "/home/pablo/pch/SCA/core/sca_core.py", line 104, in __init__
    self._start()
  File "/home/pablo/pch/SCA/core/sca_core.py", line 115, in _start
    self.state.global_pnode.accept(self._visitor)
  File "/home/pablo/pch/SCA/core/sca_core.py", line 47, in accept
    item.accept(visitor)
  File "/home/pablo/pch/SCA/core/sca_core.py", line 30, in accept
    skip = visitor(nodeinst)
  File "/home/pablo/pch/SCA/core/sca_core.py", line 166, in _visitor
    newobj, stoponthis = visitor.visit(node, self.state)
  File "/home/pablo/pch/SCA/core/visitors/assignment_visitor.py", line 60, in visit
    var_name = varnode.name
AttributeError: 'ArrayOffset' object has no attribute 'name'

======================================================================
FAIL: test_samevar (core.tests.test_vulnerabilities.TestVulnerabilities)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/pablo/pch/SCA/core/tests/test_vulnerabilities.py", line 188, in test_samevar
    self.assertIn('XSS', vulns)
AssertionError: 'XSS' not found in {}

----------------------------------------------------------------------
Ran 44 tests in 0.069s

FAILED (errors=1, failures=1)

Do you have any interest in fixing these bugs?

@wvdongen
Owner

Hey Andres, I'll have a look at this when I've got some time (probably within 3 weeks). An intern at our company has worked on SCA for a school project. These changes are currently in a private repo. I'll try to merge these changes as well.

@andresriancho
Collaborator Author

> An intern at our company has worked on SCA for a school project. These changes are currently in a private repo. I'll try to merge these changes as well.

Ah, that would be awesome. With all these new changes, what do you think about creating a PyPI package for SCA? That way people would be able to pip install php-sca and tools like w3af wouldn't have to keep a copy of the whole thing in a subdirectory.

@wvdongen
Owner

Sorry for the delay. We're currently talking with another intern, who perhaps wants to work on this project. Within a few weeks he should be able to get everything up and running and post some updates of the code.