/**
 * Default configuration for PHP-SAT. This file is distributed as
 * an example. The altering of the file will not be picked up by PHP-SAT
 * automatically. If the file has been changed you will have to pass it to
 * PHP-SAT explicitly using the -cf flag.
 *
 * @author Eric Bouwers
 */
[tainted sources]
  /** 
   * Pre-defined global variables.
   * The default to raw-input
   */
  array: _SERVER     array: _SESSION
  array: _GET        array: _REQUEST
  array: _POST       array: _FILES
  array: _COOKIE

[sensitive sinks]
  /**
   * Only the constructs for now.
   * A reasonable first level.
   */
  construct: echo    (escaped-html && escaped-slashes)
  construct: print   (escaped-html && escaped-slashes)
  construct: exit    (matched-string || string-from-list)
  construct: die     (matched-string || string-from-list)
  construct: include (string-from-list)
  construct: require (string-from-list)

[function result]
  /** 
   * Some specific functions.
   */
  function: addslashes       level: escaped-slashes
  function: htmlentities     level: escaped-html
  function: htmlspecialchars level: escaped-html
  function: escapeshellcmd   level: escaped-shell
  function: escapeshellarg   level: escaped-shell
  function: mysql_real_escape_String   level: escaped-sql