
<?php
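class PatternModule extends ScannerModule {
    /**
     * Regex filters applied to every parser object handed to parserCallback().
     *
     * Each entry holds:
     *  - 'type'    the parser node kind this filter inspects (PHPPARSER_* constant),
     *  - 'desc'    the label used in the fault message,
     *  - 'level'   the fault severity (FAULT_* constant),
     *  - 'pattern' the PCRE matched against the object's 'name'.
     *
     * NOTE(review): the 'Echoing Sql' pattern uses '.' without the /s modifier,
     * so an echo whose $sql argument sits on a later line is not matched —
     * confirm whether the parser delivers expressions single-line before
     * relying on it.
     */
    public $filters = array(
        array(
            'type' => PHPPARSER_EXPRESSION,
            'desc' => 'Echoing Sql',
            'level' => FAULT_MEDIUM,
            'pattern' => '/echo[\(\s].*?\$sql/i'
        ),
        array(
            'type' => PHPPARSER_LANGUAGE_CONSTRUCT,
            'desc' => 'Evil Eval',
            'level' => FAULT_MEDIUM,
            'pattern' => '/^eval$/i'
        ),
        array(
            'type' => PHPPARSER_FUNCTION_CALL,
            'desc' => 'PRINT_R or VAR_DUMP',
            'level' => FAULT_MEDIUM,
            'pattern' => '/^(print_r|var_dump)$/i'
        ),
        array(
            'type' => PHPPARSER_EXPRESSION,
            'desc' => 'Developer Email',
            'level' => FAULT_MINOR,
            'pattern' => '/(?<!dev|qa)@payquik\.com/'
        ),
        array(
            'type' => PHPPARSER_FUNCTION_CALL,
            'desc' => 'Deprecated Function',
            'level' => FAULT_MINOR,
            'pattern' => '/^(error_to_log)$/i'
        ),
    );

    /**
     * PHP 5+ constructor.
     *
     * The previous PHP4-style PatternModule() method is no longer treated as a
     * constructor on PHP 8, so the parent initialisation it performed would be
     * skipped silently; __construct() always runs. The parent call itself is
     * kept exactly as the old constructor made it.
     */
    public function __construct() {
        $this->ScannerModule();
    }

    /**
     * Parser hook: raises a fault for every filter whose type equals the
     * object's type and whose pattern matches the object's name.
     *
     * @param array $object parser node; reads 'type' and 'name'
     */
    public function parserCallback( $object ) {
        // An object without a name can never match a pattern; skip it rather
        // than handing null to preg_match() (notice, deprecated on 8.1+).
        if( !isset( $object['name'] ) ) {
            return;
        }
        foreach( $this->filters as $filter ) {
            // Loose comparison kept deliberately: the PHPPARSER_* constants and
            // the parser's 'type' values are defined outside this file.
            if( $object['type'] != $filter['type'] ) {
                continue;
            }
            // preg_match() returns false on a PCRE error; "> 0" treats that as no match.
            if( preg_match( $filter['pattern'], $object['name'] ) > 0 ) {
                $this->fault( $object, $filter['level'], "Triggered Filter '{$filter['desc']}'" );
            }
        }
    }
}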
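// Register this module with the scanner. The closing "?>" tag is omitted on
// purpose: any whitespace after it would be emitted as output and could
// break later header() calls in the scanner.
addModule( new PatternModule() );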