[querydb] Add scan rule for Twig Template Injection detection

[piggyctf]

Add scan rule in querydb to detect potential Twig Template Injection (PHP) vulnerabilities

• Introduced a new rule to identify potential Twig template injection issues.
• Tested with compiled source code (using some juicy public CTF sample code) and confirmed successful detection.

[itsacoderepo]

Thanks again @piggyctf!

Can you share some test code? :)

[piggyctf]

Thanks again @piggyctf!

Can you share some test code? :)
The test code was added in the commit 2a31e79. Let me know if anything is needed 😄

[maltek]

the filter() here can be more idiomatically expressed as .methodFullName("(?i).*twig.*")

[piggyctf]

Hi maltek, thanks for your comments. I've updated in 7471b8a as you recommended, however, there is one test failed at io.joern.rubysrc2cpg.io.RubySrc2CpgHTTPServerTests after the change. My code has nothing to do with rubysrc2cpg module, this error happened once before when I added a another rule for detecting a Java vulnerability, and then it suddenly disappeared without any further changes.. Could you please take a look at it?

[maltek]

• you've also deleted the .argument at the end. Could you add that back please? Even if it seems to work, it's not really correct: in a dataflow query a call stands for the return value of that call. And for a template we're not interested in the output of template expansion, but only in the input that's used as a template. So we want to use the argument of the call as the sink, not its return value. (Sorry if I wasn't clear about what to change.)
• Github shows that all checks have passed, so the test seems to work in our CI environment. I can't say much about why it'd fail on your machine.

[piggyctf]

The sink should be fixed in dc4cf9f. Thanks for pointing that out. Please let me know if any concerns :)