From a5f070cd7d982ae96ad72fb79420407574e7682a Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 27 Jun 2022 20:55:20 +0200 Subject: Dump the eval'ed code --- src/php_snuffleupagus.h | 7 +++++++ src/sp_execute.c | 2 ++ src/sp_utils.c | 9 +++++++++ src/tests/dump_request/dump_eval_blacklist.phpt | 2 ++ 4 files changed, 20 insertions(+) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 97fa0e4..a4a0ed4 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -148,6 +148,13 @@ u_long execution_depth; HashTable *disabled_functions_hook; HashTable *sp_internal_functions_hook; HashTable *sp_eval_blacklist_functions_hook; + +#if PHP_VERSION_ID >= 80000 +zend_string* eval_source_string; +#else +zval* eval_source_string; +#endif + ZEND_END_MODULE_GLOBALS(snuffleupagus) ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) diff --git a/src/sp_execute.c b/src/sp_execute.c index b81f408..a8798e4 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -302,6 +302,8 @@ ZEND_API zend_op_array* sp_compile_string(zend_string* source_string, #else ZEND_API zend_op_array* sp_compile_string(zval* source_string, char* filename) { #endif + // TODO(jvoisin) handle recursive calls to `eval` + SPG(eval_source_string) = source_string; zend_op_array* opline = orig_zend_compile_string(source_string, filename); sp_sloppy_modify_opcode(opline); return opline; diff --git a/src/sp_utils.c b/src/sp_utils.c index df2f0d6..d7200b1 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -177,6 +177,15 @@ int sp_log_request(const zend_string* restrict folder, const zend_string* restri ZEND_HASH_FOREACH_END(); fputs("\n", file); } + + if (UNEXPECTED(0 != SPG(in_eval))) { +#if PHP_VERSION_ID >= 80000 + fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(SPG(eval_source_string))); +#else + fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(zval_get_string(SPG(eval_source_string)))); +#endif + } + fclose(file); return 0; 
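Review bot: `SPG(eval_source_string) = source_string;` in sp_compile_string stores a borrowed pointer without taking a reference, and nothing in this hunk clears it once the eval is over. If the engine releases the source string before the evaluated code runs, a later sp_log_request would read freed memory, or text left over from an earlier eval. For the PHP 8 variant, consider `SPG(eval_source_string) = zend_string_copy(source_string);` with a matching release and reset to NULL where `in_eval` is decremented, plus the equivalent refcount handling for the zval variant. The nested-eval TODO also means an inner eval overwrites the outer source and never restores it, so a dump taken after the inner eval returns could record the wrong code. The function's signature and closing brace lie outside this hunk.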
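Review bot: In the pre-8.0 branch of the new `EVAL_CODE` block in sp_log_request, `zval_get_string()` returns a string the caller owns and it is never released, so every dump leaks one. Both branches also print with `%s`, which stops at the first NUL byte, so evaluated code containing one is only partly recorded in the dump. The block trusts `in_eval` alone as well; a NULL check on `SPG(eval_source_string)` would guard any path that raises `in_eval` without going through sp_compile_string. The excerpt below holds the string in a local, writes it by length and releases it. sp_log_request begins and ends outside this hunk.

```c
  if (UNEXPECTED(0 != SPG(in_eval)) && SPG(eval_source_string) != NULL) {
#if PHP_VERSION_ID >= 80000
    zend_string* eval_code = zend_string_copy(SPG(eval_source_string));
#else
    zend_string* eval_code = zval_get_string(SPG(eval_source_string));
#endif
    fputs("EVAL_CODE: ", file);
    // Length-based write: the evaluated code may contain NUL bytes.
    fwrite(ZSTR_VAL(eval_code), 1, ZSTR_LEN(eval_code), file);
    fputs("\n", file);
    zend_string_release(eval_code);
  }
  // … unchanged: fclose(file) and return 0 …
```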
diff --git a/src/tests/dump_request/dump_eval_blacklist.phpt b/src/tests/dump_request/dump_eval_blacklist.phpt index c9f48e4..a8c1618 100644 --- a/src/tests/dump_request/dump_eval_blacklist.phpt +++ b/src/tests/dump_request/dump_eval_blacklist.phpt @@ -38,6 +38,8 @@ if ($res[3] != "GET:get_a='data_get_a' get_b='data_get_b' \n") { echo "Invalid POST"; } elseif ($res[5] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") { echo "Invalid COOKIE"; +} elseif ($res[6] != "EVAL_CODE: \$a = strtoupper(\"1234\");\n") { + echo "Invalid EVAL_CODE"; } ?> --EXPECTF-- -- cgit v1.3
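Review bot: The new `$res[6]` assertion only covers a single-line eval payload, so it does not pin down the dump format when the evaluated code spans several lines or comes from a nested eval, the case the TODO in sp_compile_string leaves open. Because the test indexes the dump by line, a multi-line payload would spill into `$res[7]` and beyond. A second .phpt case with a two-line payload would document whether that is the intended format. The if/elseif chain starts outside this hunk.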