Polish demo
cyrus-and committed Oct 2, 2023
1 parent 31e7d44 commit 22ab65f
Showing 2 changed files with 28 additions and 26 deletions.
29 changes: 9 additions & 20 deletions README.md
Expand Up @@ -10,7 +10,7 @@ It consists of:

- a [listener application](#listener-application) that runs locally and is in charge of receiving the tracing information from the PHP extension and performing some analysis in order to show some meaningful data to the user.

![Screenshot](https://gist.githubusercontent.com/cyrus-and/20e1fe4ae91fcd3c823262e7e8344a75/raw/2ccc21c6d82caf49c8e0315a7edd4397b2c51669/screenshot.png)
![Screenshot](https://gist.githubusercontent.com/cyrus-and/20e1fe4ae91fcd3c823262e7e8344a75/raw/07a30cd889614939c80a051a157b7da313908c81/screenshot.png)

## Setup

Expand All @@ -29,17 +29,10 @@ Install the PHP extension, either by using the [deploy script](#deploy-script) o
3. Test that the demo PHP application works:

```console
curl 'http://localhost/?x=Hello+Fracker!'
curl http://localhost/?expression=7*7
```
```
array(2) {
[0]=>
string(5) "Hello"
[1]=>
string(8) "Fracker!"
}
Hello
Fracker
The result is: 49
```

4. Deploy Fracker to the container using the [deploy script](#deploy-script):
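Review bot: The new command in step 3 drops the single quotes the old one had, so the `?` and `*` in the URL are exposed to shell filename expansion; zsh, for instance, aborts with a no-match error when an unquoted pattern matches no file. Keep the quoting: `curl 'http://localhost/?expression=7*7'`.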
Expand All @@ -56,21 +49,17 @@ Install the PHP extension, either by using the [deploy script](#deploy-script) o
```
+++ │ Listening on 0.0.0.0:6666
+++ │
001 │ GET localhost/?x=Hello+Fracker!
001 │ GET localhost/?expression=7*7
001 │ {main}() /var/www/html/index.php +0
001 │ » explode(separator=" ", string="Hello Fracker!") /var/www/html/index.php +7
001 │ » var_dump(value=["Hello", "Fracker!"], values=null) /var/www/html/index.php +9
001 │ » foo(cmd="Hello") /var/www/html/index.php +12
001 │ » » preg_replace(pattern="/[^a-z]/i", replacement="", subject="Hello") /var/www/html/index.php +4
001 │ » » system(command="echo Hello") /var/www/html/index.php +4
001 │ » foo(cmd="Fracker!") /var/www/html/index.php +12
001 │ » » preg_replace(pattern="/[^a-z]/i", replacement="", subject="Fracker!") /var/www/html/index.php +4
001 │ » » system(command="echo Fracker") /var/www/html/index.php +4
001 │ » is_safe(expression="7*7") /var/www/html/index.php +21
001 │ » » preg_match(pattern="/^[0-9+.\\-*\\/() ]+/", subject="7*7") /var/www/html/index.php +12
001 │ » calculate(expression="7*7") /var/www/html/index.php +22
001 │ » » eval("return 7*7;") /var/www/html/index.php +5
+++ │
+++ │ Shutting down...
```

6. Press Ctrl-C to exit Fracker, then run it again with `--help`, and experiment with other options too...
6. Press Ctrl-C to exit Fracker, then run it again with `--help`, and experiment with other options too, for example, pass the `-v` option to show the return values too!

7. Finally stop and remove the container with:

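Review bot: The rewritten step 6 is a comma splice that repeats "too" ("...other options too, for example, pass the `-v` option to show the return values too!"). Splitting it reads better, for example: "...experiment with other options. For example, pass the `-v` option to show the return values as well."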
25 changes: 19 additions & 6 deletions demo/index.php
@@ -1,13 +1,26 @@
<?php

function foo($cmd) {
system('echo ' . preg_replace('/[^a-z]/i', '', $cmd));
function calculate($expression) {
try {
return eval("return $expression;");
} catch (ParseError $error) {
return 'ERROR';
}
}

$a = explode(' ', $_GET['x']);
function is_safe($expression) {
return preg_match('/^[0-9+.\-*\/() ]+/', $expression);
}

@ $expression = $_GET['expression'];

var_dump($a);
if (empty($expression)) {
return;
}

foreach ($a as $cmd) {
foo($cmd);
if (is_safe($expression)) {
$result = calculate($expression);
echo "The result is: $result\n";
} else {
http_response_code(400);
}
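Review bot: The pattern in is_safe(), `'/^[0-9+.\-*\/() ]+/'`, is anchored only at the start, so preg_match() succeeds as soon as the first character is in the allowed set and the remainder of `$expression` reaches the eval() in calculate() unchecked. If the check is meant to hold, close the pattern with `\z` (plain `$` also matches before a trailing newline). If the gap is deliberate for the tracing demo, a comment above is_safe() saying so would keep the next reader from copying it. Two smaller points in the same hunk: `@ $expression = $_GET['expression'];` hides the undefined-index notice where `$_GET['expression'] ?? ''` would avoid it, and calculate() catches only ParseError, so any other error thrown by the evaluated expression propagates to the caller.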
