From 39073581032a015e5091497530a1b357854b4e99 Mon Sep 17 00:00:00 2001
From: Ivan <116971836+seshotake@users.noreply.github.com>
Date: Sat, 11 Mar 2023 00:56:18 +0200
Subject: [PATCH] queries/php: add injections for regex and sql injection
 (#6250)

---
 runtime/queries/php/injections.scm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/runtime/queries/php/injections.scm b/runtime/queries/php/injections.scm
index 614a38509..8d1b97402 100644
--- a/runtime/queries/php/injections.scm
+++ b/runtime/queries/php/injections.scm
@@ -4,3 +4,22 @@
 
 ((comment) @injection.content
  (#set! injection.language "comment"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^preg_")
+ (#set! injection.language "regex"))
+
+((function_call_expression
+ function: (name) @_function
+ arguments: (arguments (_) (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^mysqli_")
+ (#set! injection.language "sql"))
+
+((member_call_expression
+ object: (_)
+ name: (name) @_function
+ arguments: (arguments . (argument (_ (string_value) @injection.content))))
+ (#match? @_function "^(prepare|query)$")
+ (#set! injection.language "sql"))